SEAL

• Merged (PR #619): Removed unqualified calls to std::move.
• Merged (PR #651): Fixed filename typos in native examples.
• Merged (PR #662) and (PR #666): Fixed broken links in README.md.
• Merged (PR #669): Removed extra semicolons that caused compiler warnings.

Bug Fixes

• Fixed detection of intrinsics on M1 Macs (PR #597).
• Fixed old dependency version numbers in README.md (PR #596).
• Fixed release date typo in README.md.

Features

• The BGV scheme now keeps ciphertexts in NTT form. BGV ciphertext multiplication is much faster than version 4.0.0.
• When a BGV ciphertext saved by previous versions is loaded in the current version, it is automatically converted to NTT form.
• Increased SEAL_COEFF_MOD_COUNT_MAX, the maximum number of primes that define the coefficient modulus, from 64 to 256.

Other Fixes

• Fixed typos (PR #590).
• Added $schema to cgmanifest.json (PR #558).
• Fixed typos (PR #512).
• Fixed typos (PR #530).
• Fixed typos (PR #509).
• Added missing const qualifiers (PR #556).
• Added vcpkg installation instructions (PR #562).
• Fixed an issue in specific environments where allocation fails without throwing std::bad_alloc.
• Fixed comments (C++) and C/.NET wrapper implementation of an exception thrown by invariant_noise_budget.

Major API Changes

• Added new public methods mod_reduce_xxx(...) (native) and ModReduceXxx(...) (dotnet) to the class Evaluator.

Features

• Added BGV scheme (PR 283). Thanks, Alibaba Gemini Lab!
• Added a new example "BGV basics" to native and dotnet.
• Loading objects serialized by Microsoft SEAL v3.4+ are supported.
• Updated versions of dependencies: GoogleTest from 1.10.0 to 1.11.0 and GoogleBenchmark from 1.5.2 to 1.6.0.

Other Fixes

• Fixed an ambiguous comment (PR 375).

Major API Changes

• Added seal::scheme_type::bgv.
• Added a new public method parms_id() (native) to the class EncryptionParameters.
• Added a new public method Create(...) (native and dotnet) with three inputs in the class CoeffModulus.
• Added a new public method correction_factor() (native) or CorrectionFactor() (dotnet) to the class Ciphertext.
• Removed the friendship of the class EncryptionParameters to the class SEALContext.

File Changes

• native/bench/bgv.cpp is added.
• Examples are renamed and extended.

Features

• All output files including downloaded thirdparty dependencies and Visual Studio project and solution files will be created in the build directory (PR 427).
• Reduced util::try_minimal_primitive_root search iterations by half (PR 430). Thanks, zirconium-n!
• Updated .Net SDK version to 6.0.x and supported Visual Studio version to 17 2022.
• Added SEAL_AVOID_BRANCHING option to eleminate branching in critical functions when Microsoft SEAL is built with maliciously inserted compiler flags.

Bug Fixes

• Removed exceptions in KeyGenerator::CreateGaloisKeys when inputs do not include steps so that even when EncryptionParameterQualifiers::using_batching is false Galois automorphisms are still available.

File Changes

• dotnet/SEALNet.sln is removed.
• dotnet/SEALNet.sln.in is added.

Bug Fixes

• Fixed a bug when Intel HEXL is used (Issue 411) (PR414).
• Fixed an abnormal benchmark case due to AVX512 transitions when Intel HEXL is used (PR 416).

Bug Fixes

• Fixed compiler and linker errors in downstream projects when Microsoft SEAL is built with SEAL_BUILD_DEPS=ON and SEAL_USE_INTEL_HEXL=ON.
• Updated CMake minimum requirement to 3.13.

File Changes

• native/src/seal/util/intel_seal_ext.h is removed.
• native/src/seal/util/intel_seal_ext.cpp is removed.

Features

• Improved the performance of Evaluator::multiply, Evaluator::multiply_inplace, and Evaluator::square in the BFV scheme for default parameters with degree 4096 or higher.
• Improved the performance of decryption (PR 363).
• Updated to HEXL version 1.2.1 (PR 375).
• Added more benchmark cases (PR 379).

Minor API Changes

• const methods in SEALContext and SEALContext::ContextData classes that used to return a pointer or reference now have a preceeding const qualifier.

Bug Fixes

• Fixed failed tests on PowerPC architecture (Issue 360).

Bug Fixes

• Fixed an error when loading seeded ciphertexts serialized by v3.4.x from v3.5.0+.
• Fixed failed tests on ARM64 architecture (Issue 347).

Other

• Improved HEXL NTT integration (PR 349).
• Improved CKKS ciphertext multiplication (PR 346).
• Improved CKKS ciphertext square (PR 353), except that with GNU G++ compiler and 1024 degree there is a huge penalty in execution time. Users should switch from GNU G++ in this specific parameter setting if CKKS square is used.

New Features

• Updated the dependency Intel HEXL to v1.1.0 (PR 332).
• Integrated more optimizations from Intel HEXL to Microsoft SEAL.
• Intel HEXL now uses Microsoft SEAL's memory pool, so that memory allocation reported by Microsoft SEAL is more accurate.

Bug Fixes

• Fixed typos in comments (PR 328).
• Fixed a bug in DWTHandler (Issue 330).
• Fixed failing tests when SEAL_USE_ZLIB=OFF and SEAL_USE_ZTD=OFF (PR 332).
• Fixed shared library build when SEAL_USE_HEXL=ON (PR 332).
• Added missing const qualifiers to several members of BatchEncoder and Evaluator (PR 334).

New Features

• Enabled AddressSanitizer and LeakSanitizer when building Microsoft SEAL tests in Debug mode on Unix-like systems, based on (PR 318).

Bug Fixes

• Fixed alloc-dealloc-mismatch issues resolved by (PR 318).
• Fixed wrong descriptions in serializable.h and Serializable.cs reported in (Issue 316).

New Features

• Added support to build Microsoft SEAL out of the box with emscripten (PR 306).
• Added support to build Microsoft SEAL with Intel HEXL as an optional dependency (PR 312).

Other

• Improved the error message when attempting to configure with BUILD_SHARED_LIBS=ON and SEAL_BUILD_SEAL_C=ON (Issue 284).
• Added seal::random_bytes function in randomgen.h.
• Removed redundant is_metadata_valid_for invocations reported in (Issue 313).
• Minor bug fixes

File Changes

• cmake/ExternalIntelHEXL.cmake
• native/src/seal/util/intel_seal_ext.h

Hotfix - 2/18/2021

• Merged pull request (PR 282) with typo and minor bug fixes.

Bug Fixes

• Fixed an issue (Issue 278) in finding ZLIB header files when building SEAL with BUILD_SHARED_LIBS=ON.
• Fixed a member variable initialization order bug in SafeByteBuffer.

New Features

• Added benchmarks that depend on Google Benchmark in native/bench.

Other

• Changed low-level code that reduces the runtime difference among code generated by msvc, gcc, and clang.
• Using ARM64 intrinsics for better performance (PR 269).

• Fixed a bug reported in (Issue 248) and (Issue 249): in in-place Zstandard compression the input buffer head location was not correctly updated, resulting in huge memory use.

Hotfix - 12/2/2020

• Fixed an issue with CMake system where a shared Zstandard was not correctly handled (it is not supported).

Hotfix - 11/17/2020

• Fixed issue with CMake system where BUILD_SHARED_LIBS=ON and SEAL_BUILD_DEPS=ON resulted in Zstandard header files not being visible to the build (Issue 242).

Hotfix - 11/16/2020

• Fixed issues with CMake system overwriting existing FETCHCONTENT_BASE_DIR (Issue 242).
• Corrected mistakes and typos in README.md.

New Features

• Added support for Zstandard compression as a much more efficient alternative to ZLIB.
  The performance improvement is around 20–30x.
• Added support for iOS in the NuGet package of Microsoft SEAL.
• The build system is unified for all platforms.
  There is no longer a Visual Studio solution file (seal.sln) for Windows.
  There is a separate solution file for the dotnet library (dotnet/SEALNet.sln).
• Added support for Shake256 (FIPS-202) XOF for pseudo-random number generation in addition to the default Blake2xb (faster).
• Microsoft SEAL 3.6 is backwards compatible with 3.4 and 3.5 when deserializing, but it does not support serializing in the old formats.

Major API Changes

• All C++ enum labels are consistently in lowercase. Most importantly, scheme_type::BFV and scheme_type::CKKS are changed to scheme_type::bfv and scheme_type::ckks.
• Changed seal::SEAL_BYTE to seal::seal_byte; all uppercase names are used only for preprocessor macros.
• Removed BatchEncoder API for encoding and decoding Plaintext objects inplace.
  This is because a Plaintext object with slot-data written into the coefficients is (confusingly) not valid to be used for encryption.
• Removed IntegerEncoder and BigUInt classes.
  IntegerEncoder results in inefficient homomorphic evaluation and lacks sane correctness properties, so it was basically impossible to use in real applications.
  The BigUInt class was only used by the IntegerEncoder.
• All Encryptor::encrypt variants have now two overloads: one that takes a Ciphertext out-parameter, and one that returns a Serializable<Ciphertext>.
• Changed the names of the public key generation functions to clearly express that a new key is created each time, e.g., KeyGenerator::create_public_key.
• Removed the KeyGenerator::relin_keys_local and KeyGenerator::galois_keys_local functions.
  These were poorly named and have been replaced with overloads of KeyGenerator::create_relin_keys and KeyGenerator::create_galois_keys that take an out-parameter of type RelinKeys or GaloisKeys.
• Renamed IntArray to DynArray (dynamic array) and removed unnecessary limitations on the object type template parameter.
• Added public API for modular reduction to the Modulus class.
• Added API for creating DynArray and Plaintext objects from a gsl::span<std::uint64_t> (C++) or IEnumerable<ulong> (C#).

Minor API Changes

• Added std::hash implementation for EncryptionParameters (in addition to parms_id_type) so it is possible to create e.g. std::unordered_map of EncryptionParameters.
• Added API to UniformRandomGeneratorFactory to find whether the factory uses a default seed and to retrieve that seed.
• Added const overloads for DynArray::begin and DynArray::end.
• Added a Shake256PRNG and Shake256PRNGFactory classes.
  Renamed BlakePRNG class to Blake2xbPRNG, and BlakePRNGFactory class to Blake2xbPRNGFactory.
• Added a serializable UniformRandomGeneratorInfo class that represents the type of an extendable output function and a seed value.
• Added native/src/seal/version.h defining a struct SEALVersion.
  This is used internally to route deserialization logic to correct functions depending on loaded SEALHeader version.

New Build Options

• SEAL_BUILD_DEPS controls whether dependencies are downloaded and built into Microsoft SEAL or searched from the system.
• Only a shared library will be built when BUILD_SHARED_LIBS is set to ON. Previously a static library was always built.
• Encryption error is sampled from a Centered Binomial Distribution (CBD) by default unless SEAL_USE_GAUSSIAN_NOISE is set to ON.
  Sampling from a CBD is constant-time and faster than sampling from a Gaussian distribution, which is why it is used by many of the NIST PQC finalists.
• SEAL_DEFAULT_PRNG controls which XOF is used for pseudo-random number generation.
  The available values are Blake2xb (default) and Shake256.

Other

• The pkg-config system has been improved.
  All files related to pkg-config have been moved to pkgconfig/.
  CMake creates now also a pkg-config file seal_shared.pc for compiling against a shared Microsoft SEAL if BUILD_SHARED_LIBS is set to ON.
• Added .pre-commit-config.yaml (check out pre-commit if you are not familiar with this tool).
• Added seal::util::DWTHandler and seal::util::Arithmetic class templates that unify the implementation of FFT (used by CKKSEncoder) and NTT (used by polynomial arithmetic).
• The performance of encoding and decoding in CKKS are improved.
• The performance of randomness generation for ciphertexts and keys (RLWE samples) is improved.

File Changes

Renamed files and directories

• native/src/seal/intarray.h to native/src/seal/dynarray.h
• dotnet/src/SEALNet.csproj to dotnet/src/SEALNet.csproj.in
• dotnet/tests/SEALNetTest.csproj to dotnet/tests/SEALNetTest.csproj.in
• dotnet/examples/SEALNetExamples.csproj to dotnet/examples/SEALNetExamples.csproj.in

New files

• native/src/seal/util/dwthandler.h
• native/src/seal/util/fips202.h
• native/src/seal/util/fips202.c
• native/src/seal/version.h
• dotnet/SEALNet.sln
• .pre-commit-config.yaml

Removed files

• dotnet/src/BigUInt.cs
• dotnet/src/IntegerEncoder.cs
• dotnet/tests/BigUIntTests.cs
• dotnet/tests/IntegerEncoderTests.cs
• native/examples/SEALExamples.vcxproj
• native/examples/SEALExamples.vcxproj.filters
• native/src/CMakeConfig.cmd
• native/src/SEAL_C.vcxproj
• native/src/SEAL_C.vcxproj.filters
• native/src/SEAL.vcxproj
• native/src/SEAL.vcxproj.filters
• native/src/seal/biguint.h
• native/src/seal/biguint.cpp
• native/src/seal/intencoder.h
• native/src/seal/intencoder.cpp
• native/tests/packages.config
• native/tests/SEALTest.vcxproj
• native/tests/SEALTest.vcxproj.filters
• native/tests/seal/biguint.cpp
• native/tests/seal/intencoder.cpp
• thirdparty/
• SEAL.sln

Bug fixes

• Fixed (Issue 216).
• Fixed (Issue 210).

Other

• The bug fixed in (PR 209) also affects Android. Changed version to 3.5.8 where this is fixed.

Hotfix - 8/28/2020

• Merged (PR 209). Thanks s0l0ist!

Bug fixes

• Fixed an omission in input validation in decryption: the size of the ciphertext was not checked to be non-zero.

Other

• In Windows switch to using RtlGenRandom if the BCrypt API fails.
• Improved performance in serialization: data clearing memory pools were always used before, but now are only used for the secret key.
• Use native APIs for memory clearing, when available, instead of for-loop.

Bug fixes

• Fixed a bug where setting a PRNG factory to use a constant seed did not result in deterministic ciphertexts or public keys.
  The problem was that the specified PRNG factory was not used to sample the uniform part of the RLWE sample(s), but instead a fresh (secure) PRNG was always created and used.
• Fixed a bug where the parms_id of a Plaintext was not cleared correctly before resizing in Decryptor::bfv_decrypt.
  As a result, a plaintext in NTT form could not be used as the destination for decrypting a BFV ciphertext.

Other

• Merged pull request (Issue 190) to replace global statics with function-local statics to avoid creating these objects unless they are actually used.

Hotfix -- 7/6/2020

• Fixed (Issue 188).

New features

• Added a struct seal::util::MultiplyUIntModOperand in native/src/seal/util/uintarithsmallmod.h.
  This struct handles precomputation data for Barrett style modular multiplication.
• Added new overloads for modular arithmetic in native/src/seal/util/uintarithsmallmod.h where one operand is replaced by a MultiplyUIntModOperand instance for improved performance when the same operand is used repeatedly.
• Changed the name of seal::util::barrett_reduce_63 to seal::util::barrett_reduce_64; the name was misleading and only referred to the size of the modulus.
• Added seal::util::StrideIter in native/src/seal/util/iterator.h.
• Added macros SEAL_ALLOCATE_GET_PTR_ITER and SEAL_ALLOCATE_GET_STRIDE_ITER in native/src/seal/util/defines.h.

Other

• Significant performance improvements from merging pull request (PR 185) and implementing other improvements of the same style (see above).
• Removed a lot of old and unused code.