The Brakerski–Gentry–Vaikuntanathan (BGV) scheme is a Fully Homomorphic Encryption (FHE) cryptosystem based on the Ring Learning With Error (RLWE) problem. Ciphertexts in this scheme contain an error term that grows with operations and causes decryption failure when it surpasses a certain threshold. Consequently, the parameters of BGV need to be estimated carefully, with a trade-off between security and error margin. The ciphertext space of BGV is the ring \(\mathcal {R}_q=\mathbb {Z}_q[x]/(\Phi _m(x))\), where usually the degree n of the cyclotomic polynomial \(\Phi _m(x)\) is chosen as a power of two for efficiency reasons. However, the jump between two consecutive powers-of-two polynomials also causes a jump in security, resulting in parameters that are much bigger than what is needed. In this work, we explore the non-power-of-two instantiations of BGV. Although our theoretical research encompasses results applicable to any cyclotomic ring, the focus of our investigation is the case of \({m=2^s\cdot 3^t}\) where \(s,t\ge 1\), i.e., cyclotomic polynomials with degree \({n=\phi (m)=2^s\cdot 3^{t-1}}\). We provide a thorough analysis of the noise growth in this new setting using the canonical norm and compare our results with the power-of-two case considering practical aspects like NTT algorithms. We find that in many instances, the parameter estimation process yields better results for the non-power-of-two setting.

Brakerski-Gentry-Vaikuntanathan （BGV） 方案是一种基于带错误的环学习 （RLWE） 问题的全同态加密 （FHE） 密码系统。该方案中的密文包含一个错误项，该错误项随操作而增长，当超过某个阈值时会导致解密失败。因此，需要仔细估计 BGV 的参数，并在安全性和误差幅度之间进行权衡。BGV 的密文空间是环 \（\mathcal {R}_q=\mathbb {Z}_q[x]/（\Phi _m（x）））\），其中出于效率原因，通常选择环多项式 \（\Phi _m（x）\） 的次数 n 作为 2 的幂。但是，两个连续的 2 次幂多项式之间的跳跃也会导致安全性跳跃，从而导致参数比所需参数大得多。在这项工作中，我们探讨了 BGV 的非 2 次幂实例化。尽管我们的理论研究涵盖了适用于任何环的结果，但我们研究的重点是 \（{m=2^s\cdot 3^t}\） 的情况，其中 \（s，t\ge 1\），即度数为 \（{n=\phi （m）=2^s\cdot 3^{t-1}}\） 的环多项式。我们使用规范范数对这种新设置中的噪声增长进行了全面分析，并将我们的结果与考虑 NTT 算法等实际方面的 2 的幂情况进行了比较。我们发现，在许多情况下，参数估计过程对非 2 的幂设置产生了更好的结果。