Add Public Key Encryption

.gitignore

@@ -14,4 +14,7 @@ Cargo.lock
 *.pdb
 
 # KZG PARAMS
-params
+params
+
+# Python virtual environment
+.venv/

README.md

@@ -16,14 +16,23 @@ python3 scripts/circuit_sk.py -n 4096 -qis '[
 ]' -t 65537
 ```
 
+To generate the parameters for the public key proof of encryption circuit run the following command:
+
+```bash
+python3 scripts/circuit_pk.py -n 4096 -qis '[                                      
+    27424203952895201, 
+    27424203952895203
+]' -t 65537
+```
+
 Where `-n` is the degree of the cyclotomic polynomial that defines the ring, `-qis` is the list of moduli qis such that qis[i] is the modulus of the i-th CRT basis of the modulus q of the ciphertext space, `-t` is the plaintext modulus. The value of `𝜎` for the gaussian distribution is set to 3.2 by default.
 
 You can modify these parameters to fit your needs. Note that the python script used to generate the inputs is largely unoptimized and can take a while to run for parameters with large `n`, since the polynomial multiplication is not done using NTT.
 
 As a result:
-- A file `./src/data/sk_enc_{n}_{qis_len}x{qis_bitsize}_{t}.json` is generated including the input to the circuit that can be used for testing for those specific parameters. It includes a random secret key, a random plaintext message and the corresponding ciphertext encrypted under the secret key.
-- A file `./src/data/sk_enc_{n}_{qis_len}x{qis_bitsize}_{t}_zeroes.json` is generated. In this file all the coefficients of the input polynomials are set to zero. This input is used at key generation time, when the actual inputs are not known.
-- A file `./src/constants/sk_enc_constants_{n}_{qis_len}x{qis_bitsize}_{t}.rs` is generated including the generic constants for the circuit. Note that we separate them from the input because these should be known at compile time.
+- A file `./src/data/{p|s}k_enc_{n}_{qis_len}x{qis_bitsize}_{t}.json` is generated including the input to the circuit that can be used for testing for those specific parameters. It includes a random secret key, a random plaintext message and the corresponding ciphertext encrypted under the secret key.
+- A file `./src/data/{p|s}k_enc_{n}_{qis_len}x{qis_bitsize}_{t}_zeroes.json` is generated. In this file all the coefficients of the input polynomials are set to zero. This input is used at key generation time, when the actual inputs are not known.
+- A file `./src/constants/{p|s}k_enc_constants_{n}_{qis_len}x{qis_bitsize}_{t}.rs` is generated including the generic constants for the circuit. Note that we separate them from the input because these should be known at compile time.
 
 On top of that, the console will print an estimatation of the number of advice cells needed to compile the circuit in halo2 considering a single advice column and a lookup table of size 2^8. Spoiler: around 90% of the constraints are generated by the range checks on the polynomial coefficients.