This allows creating CompactCiphertextList and
ProvenCompactCiphertextList using a seed, so that the
encryption can be reproduced
* Follows NIST submission:
- Create XofSeed from some seed bytes
- Then init a NoiseRandomGenerator from the XofSeed
- Use the generator to do the public encryption
- When a zk proof is needed, for each chunk create the seed for the
zk-proof by taking the next 16 bytes of noise_random_generator.
This is custom to tfhe-rs as NIST submission does not cover this case
* JS API + tests included
* Backward compatibility tests
Backward compatibility tests are included, as this produces seeded
data and we need to be able to guarantee backward compatibility.
Now that the csprng can start from FIRST, we make it
start from FIRST.
Other changes are:
1) Using std::ops::Bound as the type of the bound/end in AesCtrGenerator
and State makes it more explicit for the caller what bound it uses
(Excluded, Included, Unbounded).
2) Add proper overflow checks in skip_bytes/check_fork
Without these overflow checks the state would wrap, which could lead to
misuse
This means by default data generated from previous versions
is not compatible with newer versions unless explicitly constructed
with the correct AesCtrParams (starting at SECOND).
This is fine for compressed data generated by tfhe-rs thanks
to the versioning system.
The test-vectors had to be regenerated as they did change
Backward data for xof has also been regenerated, as it was only added
in main branch (not release) thus data is considered not stable yet
Added a full server key to the backward data that uses this new generator
* This change allows using compression seeds for which the initial seed
is a XofSeed. Also storing a TableIndex allows using the same generator
to generate multiple Seeded entities as it's needed for CompressionXofKeySet.
* Add some PartialEq derives and a test to make sure expanding a
CompressedXofKeySet via its specific method (which is written as the
NIST document specifies, using one generator seeded at the beginning)
or using the method of CompressedServerKey (i.e. each entity that
needs to be decompressed re-seeds its own generator) yields
matching results.
Backward data is regenerated because the CompressionSeed changed, but it
is ok as the previous changes were not in production yet
Change the type used to store a block count in
DataKind to NonZero. This makes it impossible to store
'empty' kinds such as DataKind::Unsigned(0), DataKind::Signed(0).
Also, when deserializing, if the count is zero an error will be
returned, adding an additional layer of sanitization.
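
The NonZero block count described in the last message, as an added example that is not tfhe-rs code: a simplified `DataKind` whose decoder cannot produce an empty kind because the count field only exists behind a checked constructor. The byte layout, the `DecodeError` type and `decode_kinds` are assumptions made for this illustration.

```rust
use std::num::NonZeroUsize; // alias of NonZero<usize>

// Simplified stand-in for DataKind (hypothetical, not the tfhe-rs definition).
#[derive(Debug, PartialEq)]
enum DataKind {
    Unsigned(NonZeroUsize),
    Signed(NonZeroUsize),
    Boolean,
}

#[derive(Debug, PartialEq)]
enum DecodeError {
    Truncated,
    UnknownTag(u8),
    ZeroBlockCount,
}

// Assumed layout for this example: one tag byte (0 = Unsigned, 1 = Signed,
// 2 = Boolean); Unsigned/Signed are followed by a little-endian u32 block count.
fn decode_kinds(mut buf: &[u8]) -> Result<Vec<DataKind>, DecodeError> {
    let mut kinds = Vec::new();
    while let Some((&tag, rest)) = buf.split_first() {
        buf = rest;
        let kind = match tag {
            0 | 1 => {
                if buf.len() < 4 {
                    return Err(DecodeError::Truncated);
                }
                let (raw, rest) = buf.split_at(4);
                buf = rest;
                let count = u32::from_le_bytes([raw[0], raw[1], raw[2], raw[3]]) as usize;
                // The variant can only be built from a NonZeroUsize, so a zero
                // count has to be rejected here; it cannot slip into the list.
                let count = NonZeroUsize::new(count).ok_or(DecodeError::ZeroBlockCount)?;
                if tag == 0 { DataKind::Unsigned(count) } else { DataKind::Signed(count) }
            }
            2 => DataKind::Boolean,
            other => return Err(DecodeError::UnknownTag(other)),
        };
        kinds.push(kind);
    }
    Ok(kinds)
}

fn main() {
    // Constructed sample inputs: a valid list, then one with a zero-block Signed entry.
    println!("{:?}", decode_kinds(&[0, 4, 0, 0, 0, 2, 1, 8, 0, 0, 0]));
    println!("{:?}", decode_kinds(&[0, 4, 0, 0, 0, 1, 0, 0, 0, 0]));
}
```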