# Sparse secret encapsulation The main idea is to switch keys of a ciphertext after S2C with a new secret key with small hamming weight (32) in level 0. This key is called ephermal key. Then, compute mod_up. Then, switch the key back to the original secret in top BTS level. Note: This reduce the number $K$ and so we use smaller degree polynomial to "clean" the terms $qIK$. switching back to the original key maintain is required so we can use rotation and re-linearization switch keys. Those keys require higher hamming weight in higher levels of the modulo chain. The small hamming weight key reduces the size of K to 12 (before was 24). This enable to reduce the dimension of the $\sin(2\pi K x)$ approximation in the homomorphic modulo. Another benefit is that it reduce BTS failure probability to 1/3G (before it was 1/2K). This also allow to replace all default secrets in all levels (except level 0) to have hamming weight N/2. This enable to use larger modulo for the scheme i.e., more levels or more special primes for key switch that will speedup switching keys. Also, this remove the need to change parameters every time a new attack on sparse key is published. $\boxed{\text{The new insight is that a scheme could have non fixed hamming weight secret.}}$ ## Why this procedure is secure? Those switch keys are secure as the switch key in level 0 is a ciphertext w.r.t the new secret key with low hamming weight. Encryption modulo level 0 enables a small hamming weight secret to satisfy 128 bit security. The switch key in the top BTS level is an encryption in the top level of a message containing the secret key from level 0 w.r.t the default secret key that has higher hamming weight and suitable for top level with 128bit level security. Tag: #tech Reference: [Bootstrapping for Approximate Homomorphic Encryption with Negligible Failure-Probability by Using Sparse-Secret Encapsulation](https://eprint.iacr.org/2022/024.pdf#page=16.24) ## Created 2025-08-05 13:45