 My name is Son Kim. In this video, I'm going to introduce the research of e-battery algorithm in CKKS bootstrapping. CKKS, the topic of this research, is a homomorphic encryption scheme. A homomorphic encryption scheme is an encryption scheme which supports computation on its cybertext without decrypting it. Consider a situation as follows. The message is owned by a client, and the computation method is provided by a service provider on a server. How can the client get the result without informing the message to the server? A homomorphic encryption scheme addresses such a situation by supporting three operations, encryption, decryption, and a method to evaluate the computation homomorphically on a cybertext. Given those, the client may get the desired result by increasing their message, sending the cybertext to the server, and decrypting the result's cybertext. CKKS is a representative homomorphic encryption scheme which is widely known for its ability to encrypt real numbers and to perform approximate hours of mathematics. One challenge of the early CKKS was that the adaptive evaluation circuit is limited in detail. A CKKS cybertext belongs to a certain space called modulus, and the size of this space diminishes for each multiplication. After applying a fixed number of multiplications, the cybertext would be run out of the size of modulus, so it could not be evaluated any further. CKKS bootstrapping is a technique which is invented to solve this problem. Bootstrapping is an operation which recovers the cybertext modulus. Whenever the modulus is depleted, we can bootstrapping the cybertext and continue evaluating the circuit on the bootstrapped one. This enables CKKS to allow evaluation of a limit depth. In other words, CKKS successfully becomes a fully homomorphic encryption scheme. The problem is that despite of the fact that bootstrapping is an operation which recovers modulus, it consumes modulus at the same time. Bootstrapping algorithm consists of few steps, and the first step which is called modulus rates, the cybertext gains the original modulus already. However, as this cybertext does not encrypt the original message exactly, the rest of the steps recovers the original message. As those steps are big combinations of additions and multiplications, the modulus is consumed again. Therefore, such modulus consumption directly determines the above limit depth of evaluation after bootstrapping. In this research, we are focusing on reducing it to maximize the efficiency of the bootstrapping algorithm. To reduce modulus consumption, we suggest a new bootstrapping algorithm called EVA-Round. EVA-Round algorithm can be constructed by giving two simple modifications on the conventional bootstrapping algorithm. The conventional algorithm contains four steps called modulus rates called to slot EVA-Round algorithm. To construct the EVA-Round algorithm, we force to modify called to slot to its variant by just adjusting a parameter. To be more specific, we use lower scale factor. This change makes the step to consume much less modulus, yet calculate the result implicitly with a non-negligible error. Second modification follows to deal with such error. We alternate EVA-Round step to EVA-Round by simply performing two extra subtractions. EVA-Round step is simply to the original EVA-Round step, but it has its own merit on being stable to the error. The main motivation of the algorithm as follows. EVA-Round can be explained as the homomorphic computation of modular rounding, while EVA-Round is the homomorphic computation of modular reduction. The function of modular reduction and modular rounding can be drawn as on the figure. As the relationship of those two functions is trivial, one can easily replace one another. However, we can observe that the modular rounding is stable to the input error, unlike modular reduction, so our algorithm takes the odd advantages there, so we can successfully reduce the modulus consumption. By applying our algorithm described so far, we could obtain the result as shown. We have implemented our own CKKS code and tested the algorithm on a practical parameter. We could reduce the modulus consumption by 84 bits, with some sufficient amount to gain one or two evaluation depths after bootstrapping. This is more effective on the parameter, which has heavy bootstrap circuits and thereby provides relatively low extra evaluation depths after bootstrapping. Another important point of this algorithm is its portability. As EVA-Round is constructed by tweaking the conventional one, this technique can be attached on every existing implementation of conventional bootstrapping with a negligible effort. To sum up, we have successfully reduced the modulus consumption of bootstrapping and improved its efficiency with a simply yet effective algorithm. This ends our video. Thank you for listening.