Ciphertext-to-Ciphertext Addition

D-2.4 Ciphertext-to-Ciphertext Addition

BFV’s ciphertext-to-ciphertext addition uses RLWE’s ciphertext-to-ciphertext addition scheme with the sign of the $A \cdot S$ term flipped in the encryption and decryption formula. Specifically, this is equivalent to the alternative GLWE version’s (§B-4.4) ciphertext-to-ciphertext addition scheme with $k = 1$ .

$⟨$ Summary D-2.4 $⟩$ BFV Ciphertext-to-Ciphertext Addition

${𝖱𝖫𝖶𝖤}_{S, σ} (Δ M^{⟨ 1 ⟩}) + {𝖱𝖫𝖶𝖤}_{S, σ} (Δ M^{⟨ 2 ⟩})$

$= (A^{⟨ 1 ⟩}, B^{⟨ 1 ⟩}) + (A^{⟨ 2 ⟩}, B^{⟨ 2 ⟩})$

$= (A^{⟨ 1 ⟩} + A^{⟨ 2 ⟩}, B^{⟨ 1 ⟩} + B^{⟨ 2 ⟩})$

$= {𝖱𝖫𝖶𝖤}_{S, σ} (Δ (M^{⟨ 1 ⟩} + M^{⟨ 2 ⟩}))$

[prev][parent][next]