Microsoft SEAL : Find the mean of PolyCRT Ciphertext

Question

Is there an easy way to compute the mean of a ciphertext that was composed using PolyCRTBuilder and encrypted.

Here is the code snippet:

EncryptionParameters parms;
parms.set_poly_modulus("1x^4096 + 1");
parms.set_coeff_modulus(coeff_modulus_128(4096));
parms.set_plain_modulus(40961);
SEALContext context(parms);
print_parameters(context);
KeyGenerator keygen(context);
auto public_key = keygen.public_key();
// auto secret_key = keygen.secret_key();

Encryptor encryptor(context, public_key);
Evaluator evaluator(context);
// Decryptor decryptor(context, secret_key);

PolyCRTBuilder crtbuilder(context);

int slot_count = crtbuilder.slot_count();
int row_size = slot_count / 2;

vector<uint64_t> pod_matrix(slot_count, 0);
pod_matrix[0] = 5;
pod_matrix[1] = 2;
pod_matrix[2] = 56;
pod_matrix[3] = 34;
pod_matrix[row_size] = 47;
pod_matrix[row_size + 1] = 35;
pod_matrix[row_size + 2] = 16;
pod_matrix[row_size + 3] = 37;

Plaintext plain_matrix;
crtbuilder.compose(pod_matrix, plain_matrix);

Ciphertext encrypted_matrix;

encryptor.encrypt(plain_matrix, encrypted_matrix);

// Is there a way to compute the MEAN of encrypted_matrix and return one ciphertext that is the mean.
// I am trying to not use the secret key

Basically I have an array where I am packing all the array element into one ciphertext using Batching technique in SEAL. Once I create the ciphertext, I need to find the MEAN of the ciphertextArray. The mean should be a ciphertext (IntegerEncoded or FractionalEncoded) . Is there a way to achieve this without using the secret key ? Thank you.

Answer 1

You need to first sum up the values in all of the batching slots you use. This can always be done in log(degree(poly_modulus)) steps by rotating the ciphertext by 0, 1, 2, 4, 8, … slots and summing up after each rotation. For the last step you'll need to sum up the two rows also so you'll need to do a column rotation. You'll end up with a ciphertext where every slot contains the sum of the values. After decryption the plaintext polynomial in this case will simply be a constant polynomial, so make sure your plain_modulus is large enough to contain the sum.

For division by the batch size maybe you can do it after decryption, but perhaps the best option would be to use the CKKS scheme (in SEAL 3.0) in which such a ciphertext-by-plaintext division is easy.