feat(FHE): create fhe context and encrypted polynomial implementation

[cryptus-neoxys]

Summary by CodeRabbit

• New Features

  • Fully functional OpenFHE cryptographic library integration with homomorphic operations (encryption, decryption, addition, subtraction, scalar multiplication, rotation, and character projection).
  • Added performance benchmarking suite for cryptographic operations.

• Documentation

  • Expanded README with Phase 2 OpenFHE integration details and updated implementation roadmap.
  • Added comprehensive reading list covering cryptography foundations, OpenFHE usage, and engineering tools.

• Chores

  • Updated build configuration to support new dependencies and compiler flags.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[cryptus-neoxys]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

📥 Commits

Reviewing files that changed from the base of the PR and between 71c854e and 8404b2b.

⛔ Files ignored due to path filters (1)

• MODULE.bazel.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• .bazelrc (2 hunks)
• .github/copilot-instructions.md (1 hunks)
• BUILD.bazel (1 hunks)
• MODULE.bazel (2 hunks)
• README.md (20 hunks)
• docs/reading_list.md (1 hunks)
• lib/crypto/BUILD.bazel (3 hunks)
• lib/crypto/encrypted_polynomial.cc (2 hunks)
• lib/crypto/fhe_context.cc (1 hunks)
• lib/crypto/fhe_context.h (1 hunks)
• test/crypto/BUILD.bazel (2 hunks)
• test/crypto/encrypted_polynomial_test.cc (2 hunks)
• test/crypto/fhe_benchmark.cc (1 hunks)
• third_party/BUILD.bazel (1 hunks)
• third_party/cereal.BUILD (1 hunks)
• third_party/openfhe.BUILD (1 hunks)

 ______________________________________________________
< Keep calm and carry on coding, I'll handle the bugs. >
 ------------------------------------------------------
  \
   \   (\__/)
       (•ㅅ•)
       / 　 づ

Tip

CodeRabbit can suggest fixes for GitHub Check annotations.

Configure reviews.tools.github-checks in your project's settings in CodeRabbit to adjust the time to wait for GitHub Checks to complete.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

✅ Copyable Unit Test edits generated.

• Create PR with unit tests
• Commit unit tests in branch feat/dev-sh/implement-fhe-context
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Note

Unit test generation is an Early Access feature. Expect some limitations and changes as we gather feedback and continue to improve it.

---

Generating unit tests... This may take up to 20 minutes.

[coderabbitai]

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #2

[coderabbitai]

Note

Unit test generation is an Early Access feature. Expect some limitations and changes as we gather feedback and continue to improve it.

---

Generating unit tests... This may take up to 20 minutes.

[coderabbitai]

Note

Unit test generation is an Early Access feature. Expect some limitations and changes as we gather feedback and continue to improve it.

---

Generating unit tests... This may take up to 20 minutes.

[coderabbitai]

Actionable comments posted: 12

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

.bazelrc (1)

14-15: Stale comment and potential exception handling conflict.

The comment states "no OpenFHE" but this PR integrates OpenFHE. More critically, -fno-exceptions is enabled here, while third_party/openfhe.BUILD explicitly adds -fexceptions for the OpenFHE build. This mismatch could cause issues when linking or calling OpenFHE code from your application code.

Consider updating:

-# No exceptions needed (pure polynomial algebra, no OpenFHE)
-build --cxxopt=-fno-exceptions
+# Enable exceptions for OpenFHE compatibility
+build --cxxopt=-fexceptions

Alternatively, if you want to keep exceptions disabled for most code, you'll need to ensure the boundary between exception-enabled (OpenFHE) and exception-disabled code is carefully managed.

MODULE.bazel (1)

14-21: Version comment is inconsistent with actual tag.

The comment on line 14 states "v1.4.2 (latest stable as of November 2025)" but the actual tag on line 20 is v1.2.1. This discrepancy is confusing for future maintainers.

 # OpenFHE for homomorphic encryption
 # Note: OpenFHE is added via git_repository since it's not in BCR
-# Using v1.4.2 (latest stable as of November 2025)
+# Using v1.2.1 (last stable version with Bazel support)
 git_repository = use_repo_rule("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")

README.md (1)

42-80: Docs status is internally inconsistent (Phase 2 “stubs” vs “OpenFHE Integration complete”).
You mark “OpenFHE Integration (2025-12-14)” as completed (Line 55-79), but Quick Start still says FHE tests “all return UnimplementedError” (Line 304-311) and “Known Issues” says integration is incomplete (Line 426-432). Also footer says “Last Updated: 2025-11-11” (Line 465), which contradicts the 2025-12-14 milestone.

Also applies to: 304-311, 426-432, 463-467

🧹 Nitpick comments (7)

third_party/openfhe.BUILD (1)

48-48: Consider making build parallelism configurable.

Hardcoding -j8 may not be optimal for all build environments. Consider using a variable or removing this to let the system decide.

-    build_args = ["-j8"],
+    build_args = ["-j"],  # Let make use available cores

Or remove build_args entirely to use defaults.

test/crypto/BUILD.bazel (1)

22-31: Consider adding -fexceptions to encrypted_polynomial_test.

This test depends on fhe_context and encrypted_polynomial, both of which enable -fexceptions for OpenFHE compatibility. If the test includes OpenFHE headers transitively or handles exceptions, missing this flag could cause undefined behavior or crashes when exceptions are thrown.

 cc_test(
     name = "encrypted_polynomial_test",
     srcs = ["encrypted_polynomial_test.cc"],
+    copts = ["-fexceptions"],  # OpenFHE requires exceptions
     deps = [
         "//lib/crypto:encrypted_polynomial",
         "//lib/crypto:polynomial",
         "//lib/crypto:fhe_context",
         "@googletest//:gtest_main",
     ],
 )

README.md (1)

320-321: Fix markdownlint MD034 (no-bare-urls) in Resources/Research sections.
Convert bare URLs to proper Markdown links to keep lint clean.

Example pattern:

-> bon-cdp ([email protected]), November 2025: https://github.com/bon-cdp/notes/blob/main/c.pdf
+> bon-cdp ([email protected]), November 2025: [paper notes](https://github.com/bon-cdp/notes/blob/main/c.pdf)

Also applies to: 400-403, 406-409

test/crypto/fhe_benchmark.cc (1)

46-54: KeyGeneration benchmark likely “pollutes” the shared CryptoContext (skewing measurements).
If FHEContext::GenerateKeyPair() stores eval keys in the context, repeated iterations can accumulate keys and change perf/memory over time. Consider benchmarking keygen with a fresh FHEContext per-iteration (or clearing eval keys if OpenFHE supports it).

test/crypto/encrypted_polynomial_test.cc (2)

15-31: Fixture comment says “once”, but SetUp() runs per-test — consider SetUpTestSuite for perf.
Context creation + keygen can be expensive; moving to suite-level init can speed up CI significantly.

---

151-172: CharacterProjection test currently only checks “no error”; add at least one invariant assertion.
Even a lightweight check (e.g., output decrypts to a vector of size ≥ 1, or specific slots equal each other if that’s guaranteed by your projection definition) would make this test catch regressions.

lib/crypto/fhe_context.h (1)

28-40: Thread-safety/immutability docs don’t match API surface (CryptoContext exposed; eval keys mutate).
Line 52-53 claims “Thread-safe after initialization (immutable context)”, but GenerateKeyPair() mutates eval keys and crypto_context() (Line 196) exposes the underlying mutable OpenFHE context. Suggest tightening the wording (e.g., “thread-safe for read-only ops after keys are generated”) and/or limiting exposure of crypto_context().

Also applies to: 52-53, 194-207

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71c854e and 8404b2b.

⛔ Files ignored due to path filters (1)

• MODULE.bazel.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• .bazelrc (2 hunks)
• .github/copilot-instructions.md (1 hunks)
• BUILD.bazel (1 hunks)
• MODULE.bazel (2 hunks)
• README.md (20 hunks)
• docs/reading_list.md (1 hunks)
• lib/crypto/BUILD.bazel (3 hunks)
• lib/crypto/encrypted_polynomial.cc (2 hunks)
• lib/crypto/fhe_context.cc (1 hunks)
• lib/crypto/fhe_context.h (1 hunks)
• test/crypto/BUILD.bazel (2 hunks)
• test/crypto/encrypted_polynomial_test.cc (2 hunks)
• test/crypto/fhe_benchmark.cc (1 hunks)
• third_party/BUILD.bazel (1 hunks)
• third_party/cereal.BUILD (1 hunks)
• third_party/openfhe.BUILD (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

lib/crypto/encrypted_polynomial.cc (1)

lib/crypto/fhe_context.cc (2)

• modulus (243-245)
• modulus (243-243)

test/crypto/encrypted_polynomial_test.cc (2)

lib/crypto/fhe_context.cc (4)

• Create (11-44)
• Create (11-11)
• Encrypt (75-100)
• Encrypt (75-77)

lib/crypto/encrypted_polynomial.cc (2)

• Encrypt (64-75)
• Encrypt (64-67)

🪛 Cppcheck (2.18.0)

test/crypto/encrypted_polynomial_test.cc

[error] 33-33: syntax error

(syntaxError)

🪛 LanguageTool

docs/reading_list.md

[style] ~16-~16: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... structure of our ciphertexts). - Chapter 25: Factoring Polynomials (Irreducibi...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

---

[uncategorized] ~54-~54: Did you mean “Rubik's Cube”?
Context: ...s "position-dependent" symmetry (like a rubik's cube or a network with local structure). -...

(RUBIKS_CUBE)

🪛 markdownlint-cli2 (0.18.1)

README.md

320-320: Bare URL used

(MD034, no-bare-urls)

---

320-320: Bare URL used

(MD034, no-bare-urls)

---

400-400: Bare URL used

(MD034, no-bare-urls)

---

402-402: Bare URL used

(MD034, no-bare-urls)

---

406-406: Bare URL used

(MD034, no-bare-urls)

---

407-407: Bare URL used

(MD034, no-bare-urls)

---

408-408: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (14)

third_party/BUILD.bazel (1)

1-2: LGTM!

Valid directory marker for Bazel. The comments clearly indicate the purpose of the third_party/ package.

.bazelrc (1)

21-22: Good choice disabling -ffast-math for cryptographic code.

Fast-math optimizations can break floating-point determinism and precision, which could be problematic for cryptographic operations. The comment could be updated to reflect this reasoning.

docs/reading_list.md (1)

1-74: Well-structured prerequisite documentation.

The reading list is well-organized and provides appropriate resources for contributors. The progression from cryptography foundations through OpenFHE to the mathematical framework is logical.

.github/copilot-instructions.md (1)

1-65: Comprehensive AI coding instructions.

The document clearly outlines the architecture, key components, and FHE-specific patterns (no server decryption, depth-0 constraint). The development workflow and current phase status will be helpful for contributors.

third_party/openfhe.BUILD (2)

10-13: Broad glob pattern is necessary but may slow builds.

glob(["**"]) captures all files which is required for cmake builds, but can impact Bazel's analysis phase on large repositories. This is acceptable for OpenFHE integration.

---

16-66: CMake integration approach looks solid.

The cmake() rule configuration is well-structured with appropriate cache entries to disable unnecessary build targets (tests, examples, benchmarks) and enable static libraries. The dependency on cereal and the manual header/lib copying in the postfix script handle OpenFHE's non-standard install structure.

MODULE.bazel (1)

27-33: LGTM!

Good practice including the sha256 hash for the cereal archive to ensure integrity and reproducibility.

BUILD.bazel (1)

3-13: LGTM!

Standard configuration for generating compile_commands.json. Excluding external headers and sources is appropriate to keep the generated commands focused on project code.

lib/crypto/BUILD.bazel (1)

46-59: LGTM!

Enabling -fexceptions for OpenFHE-dependent targets is correct. The dependency chain is well-structured with fhe_context providing the OpenFHE integration and encrypted_polynomial building on top of it.

third_party/cereal.BUILD (1)

1-13: LGTM!

Clean header-only library configuration for cereal. The glob patterns correctly capture all header files.

test/crypto/BUILD.bazel (1)

33-43: LGTM!

Benchmark target is properly configured with -fexceptions and appropriate dependencies for FHE operations.

lib/crypto/encrypted_polynomial.cc (1)

158-200: Algorithm implementation looks correct, with caveats noted above.

The DFT-based character projection correctly:

• Starts with the k=0 term (χⱼ(0) = 1)
• Iterates k=1..n-1, computing χⱼ(k) = ω^(j·k) and accumulating rotated/scaled ciphertexts
• Scales final result by 1/n

The try-catch wrapper appropriately handles potential OpenFHE exceptions.

lib/crypto/fhe_context.cc (1)

46-73: File not found in repository

The review comment references lib/crypto/fhe_context.cc lines 46-73, but this file does not exist in the current repository. The claims about missing null-checks after KeyGen(), slot count derivation, and rotation key generation cannot be verified without access to the actual code.

test/crypto/encrypted_polynomial_test.cc (1)

130-149: Rotation semantics are correct — test expectations align with OpenFHE's EvalRotate behavior.

The test assumes that positions = 2 shifts each slot forward by 2 positions (slot i receives the value from original slot i+2). This matches OpenFHE's documented semantics where positive indices produce left shifts: [a b c d] with EvalRotate(..., 1) yields [b c d a]. The test expectations for decrypted values are correct.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

C++ version inconsistency.

This states "C++17 support" but .bazelrc configures --cxxopt=-std=c++20. Update for consistency.

-  - C++ Compiler (Clang/GCC with C++17 support)
+  - C++ Compiler (Clang/GCC with C++20 support)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- C++ Compiler (Clang/GCC with C++17 support)
	- C++ Compiler (Clang/GCC with C++20 support)

🤖 Prompt for AI Agents

.github/copilot-instructions.md around line 39: the doc states "C++17 support"
but the repository's .bazelrc sets --cxxopt=-std=c++20 causing an inconsistency;
update the instruction text to reference C++20 (or change .bazelrc to C++17 if
the project requires C++17) so they match, and ensure any other docs or CI
configs are aligned to the chosen standard.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor: Capitalize "Rubik's Cube" as a proper noun.

-  - **Concept**: A group construction that captures "position-dependent" symmetry (like a rubik's cube or a network with local structure).
+  - **Concept**: A group construction that captures "position-dependent" symmetry (like a Rubik's Cube or a network with local structure).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- **Concept**: A group construction that captures "position-dependent" symmetry (like a rubik's cube or a network with local structure).
	- **Concept**: A group construction that captures "position-dependent" symmetry (like a Rubik's Cube or a network with local structure).

🧰 Tools

🪛 LanguageTool

[uncategorized] ~54-~54: Did you mean “Rubik's Cube”?
Context: ...s "position-dependent" symmetry (like a rubik's cube or a network with local structure). -...

(RUBIKS_CUBE)

🤖 Prompt for AI Agents

In docs/reading_list.md around line 54, the term "rubik's cube" is not
capitalized correctly; change it to "Rubik's Cube" (capitalize both words and
the possessive) so the sentence reads "...like a Rubik's Cube or a network with
local structure)." Ensure punctuation and spacing remain unchanged.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Potential integer overflow in modular exponentiation.

Lines 17 and 19 compute result * base and base * base which can overflow int64_t before the modulo operation if both operands approach modulus - 1. With the current modulus = 65537, the maximum intermediate value is ~4.3 billion, which fits safely. However, if kModulus changes to a larger value, this will silently overflow.

Consider using __int128 for the intermediate multiplication or documenting the modulus constraint:

 int64_t ModPow(int64_t base, int64_t exp, int64_t modulus) {
+  // Note: Safe for modulus up to ~3 billion (sqrt of INT64_MAX)
+  // For larger moduli, use __int128 intermediate or a big-int library
   int64_t result = 1;
   base %= modulus;
   while (exp > 0) {
     if (exp & 1) {
-      result = (result * base) % modulus;
+      result = static_cast<int64_t>((__int128)result * base % modulus);
     }
-    base = (base * base) % modulus;
+    base = static_cast<int64_t>((__int128)base * base % modulus);
     exp >>= 1;
   }
   return result;
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	int64_t ModPow(int64_t base, int64_t exp, int64_t modulus) {
	int64_t result = 1;
	base %= modulus;
	while (exp > 0) {
	if (exp & 1) {
	result = (result * base) % modulus;
	}
	base = (base * base) % modulus;
	exp >>= 1;
	}
	return result;
	}
	int64_t ModPow(int64_t base, int64_t exp, int64_t modulus) {
	// Note: Safe for modulus up to ~3 billion (sqrt of INT64_MAX)
	// For larger moduli, use __int128 intermediate or a big-int library
	int64_t result = 1;
	base %= modulus;
	while (exp > 0) {
	if (exp & 1) {
	result = static_cast<int64_t>((__int128)result * base % modulus);
	}
	base = static_cast<int64_t>((__int128)base * base % modulus);
	exp >>= 1;
	}
	return result;
	}

🤖 Prompt for AI Agents

In lib/crypto/encrypted_polynomial.cc around lines 12 to 23, the modular
exponentiation multiplies int64_t values (result*base and base*base) which can
overflow before the modulo; replace the plain int64_t multiplications with
128-bit intermediate arithmetic (use __int128 for the multiplication operands
and cast the final value back to int64_t after the modulo) or, alternatively,
add a static/runtime check that kModulus is small enough to guarantee no
overflow; update function signatures/types as needed to perform ( (__int128)lhs
* (__int128)rhs ) % modulus and return an int64_t result.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Missing validation for modular inverse existence.

ModInverse assumes a and modulus are coprime (gcd = 1). If they aren't, the inverse doesn't exist and this function returns an incorrect value without any indication of failure. Since this is cryptographic code, silent incorrect results are dangerous.

-int64_t ModInverse(int64_t a, int64_t modulus) {
+// Returns modular inverse of a mod modulus, or -1 if inverse doesn't exist
+int64_t ModInverse(int64_t a, int64_t modulus) {
   int64_t m0 = modulus, t, q;
   int64_t x0 = 0, x1 = 1;
   
   if (modulus == 1) return 0;
   
+  a = a % m0;
+  if (a < 0) a += m0;
+  
   while (a > 1) {
+    if (modulus == 0) return -1;  // gcd != 1, no inverse exists
     q = a / modulus;
     t = modulus;
     modulus = a % modulus;
     a = t;
     t = x0;
     x0 = x1 - q * x0;
     x1 = t;
   }
   
+  if (a != 1) return -1;  // gcd != 1, no inverse exists
+  
   if (x1 < 0) x1 += m0;
   return x1;
 }

Then check the return value at the call site (line 194).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	int64_t ModInverse(int64_t a, int64_t modulus) {
	int64_t m0 = modulus, t, q;
	int64_t x0 = 0, x1 = 1;
	if (modulus == 1) return 0;
	while (a > 1) {
	q = a / modulus;
	t = modulus;
	modulus = a % modulus;
	a = t;
	t = x0;
	x0 = x1 - q * x0;
	x1 = t;
	}
	if (x1 < 0) x1 += m0;
	return x1;
	}
	// Returns modular inverse of a mod modulus, or -1 if inverse doesn't exist
	int64_t ModInverse(int64_t a, int64_t modulus) {
	int64_t m0 = modulus, t, q;
	int64_t x0 = 0, x1 = 1;
	if (modulus == 1) return 0;
	a = a % m0;
	if (a < 0) a += m0;
	while (a > 1) {
	if (modulus == 0) return -1; // gcd != 1, no inverse exists
	q = a / modulus;
	t = modulus;
	modulus = a % modulus;
	a = t;
	t = x0;
	x0 = x1 - q * x0;
	x1 = t;
	}
	if (a != 1) return -1; // gcd != 1, no inverse exists
	if (x1 < 0) x1 += m0;
	return x1;
	}

🤖 Prompt for AI Agents

In lib/crypto/encrypted_polynomial.cc around lines 26 to 44, ModInverse
currently assumes a and modulus are coprime and returns a value even when
inverse doesn't exist; update the function to first compute gcd(a, modulus)
(e.g., using std::gcd or an inline gcd) and if gcd != 1 return a sentinel (e.g.,
-1) to indicate failure, otherwise proceed with the extended Euclidean algorithm
and return the inverse; then at the call site (around line 194) check for the
sentinel return value and handle the error (log and abort/throw or propagate the
failure) instead of proceeding with an invalid inverse.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Hardcoded assumptions limit flexibility and lack validation.

This function assumes:

1. modulus is always 65537 (comment says so, but no runtime check)
2. n evenly divides (modulus - 1) (no validation)
3. g = 3 is a generator (true for 65537 but not generally)

If RingParams::kModulus or kNumCharacters changes, this will silently produce incorrect roots.

 int64_t FindRootOfUnity(int n, int64_t modulus) {
-  // For modulus = 65537 = 2^16 + 1, we know p-1 = 2^16
-  // So any power of 2 divides (p-1)
-  
-  // A generator for Z_p^* is typically a small number
-  // For p = 65537, g = 3 is a generator
-  int64_t g = 3;
+  // Validate assumptions
+  if (modulus != 65537) {
+    // For other primes, finding a generator requires more work
+    throw std::invalid_argument("FindRootOfUnity only supports modulus=65537");
+  }
+  if ((modulus - 1) % n != 0) {
+    throw std::invalid_argument("n must divide (modulus - 1)");
+  }
   
+  // For p = 65537, g = 3 is a known generator of Z_p^*
+  int64_t g = 3;
+  
   // ω = g^((p-1)/n) is a primitive nth root of unity
   int64_t exponent = (modulus - 1) / n;
   return ModPow(g, exponent, modulus);
 }

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -path "*/lib/crypto/*" -type f | head -20

Repository: cryptus-neoxys/f2chat

Length of output: 443

---

🏁 Script executed:

git ls-files | grep -i fhe

Repository: cryptus-neoxys/f2chat

Length of output: 170

---

🏁 Script executed:

ls -la

Repository: cryptus-neoxys/f2chat

Length of output: 1039

---

🏁 Script executed:

rg "%d.*RingParams::kDegree" -A 1 -B 1

Repository: cryptus-neoxys/f2chat

Length of output: 47

---

🏁 Script executed:

ls -la lib/ 2>/dev/null || echo "lib directory not found"

Repository: cryptus-neoxys/f2chat

Length of output: 284

---

🏁 Script executed:

rg "Encrypt.*coefficients" -A 10 | head -50

Repository: cryptus-neoxys/f2chat

Length of output: 3327

---

🏁 Script executed:

rg "MakePackedPlaintext" -B 5 -A 5

Repository: cryptus-neoxys/f2chat

Length of output: 1285

---

🏁 Script executed:

git log --oneline -5

Repository: cryptus-neoxys/f2chat

Length of output: 122

---

🏁 Script executed:

rg "absl::StrFormat" --type cc --type h | head -20

Repository: cryptus-neoxys/f2chat

Length of output: 91

---

🏁 Script executed:

rg "coefficients" --type cc --type h -B 3 -A 3 | grep -A 3 -B 3 "InvalidArgumentError\|size_t" | head -40

Repository: cryptus-neoxys/f2chat

Length of output: 91

---

🏁 Script executed:

find . -type f -path "*crypto*" -name "*.cc" 2>/dev/null || echo "No crypto cc files found"

Repository: cryptus-neoxys/f2chat

Length of output: 376

---

🏁 Script executed:

find . -type d -name "crypto" 2>/dev/null

Repository: cryptus-neoxys/f2chat

Length of output: 91

---

🏁 Script executed:

ls -R 2>/dev/null | head -50

Repository: cryptus-neoxys/f2chat

Length of output: 692

---

🏁 Script executed:

wc -l lib/crypto/fhe_context.cc

Repository: cryptus-neoxys/f2chat

Length of output: 94

---

🏁 Script executed:

head -150 lib/crypto/fhe_context.cc

Repository: cryptus-neoxys/f2chat

Length of output: 4947

---

🏁 Script executed:

sed -n '75,100p' lib/crypto/fhe_context.cc

Repository: cryptus-neoxys/f2chat

Length of output: 929

---

🏁 Script executed:

head -200 lib/crypto/fhe_context.cc | tail -100

Repository: cryptus-neoxys/f2chat

Length of output: 3256

---

🏁 Script executed:

strings lib/crypto/fhe_context.cc | head -80

Repository: cryptus-neoxys/f2chat

Length of output: 110

---

🏁 Script executed:

grep -A 10 "coefficients()" lib/crypto/polynomial.h

Repository: cryptus-neoxys/f2chat

Length of output: 357

---

Fix format specifier for size_t parameter on lines 84-86.

The StrFormat call uses %d (int format) for coefficients.size(), which returns size_t. On 64-bit systems, this causes the value to be truncated or misrepresented in the error message. Use %zu instead, the standard format specifier for size_t:

   if (coefficients.size() > static_cast<size_t>(RingParams::kDegree)) {
     return absl::InvalidArgumentError(absl::StrFormat(
-        "Too many coefficients: %d (max: %d)",
+        "Too many coefficients: %zu (max: %d)",
         coefficients.size(), RingParams::kDegree));
   }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	absl::StatusOr<Ciphertext> FHEContext::Encrypt(
	const std::vector<int64_t>& coefficients,
	const PublicKey& public_key) const {
	(void)public_key; // Suppress unused parameter warning (stub implementation)
	if (!crypto_context_) {
	return absl::FailedPreconditionError("Crypto context not initialized");
	}
	if (coefficients.size() > static_cast<size_t>(RingParams::kDegree)) {
	return absl::InvalidArgumentError(absl::StrFormat(
	"Too many coefficients: %d (max: %d)",
	coefficients.size(), RingParams::kDegree));
	}
	// TODO: Encrypt using OpenFHE
	//
	// Planned implementation:
	// Plaintext pt = crypto_context_->MakePackedPlaintext(coefficients);
	// Ciphertext ct = crypto_context_->Encrypt(public_key, pt);
	// return ct;
	return absl::UnimplementedError(
	"FHEContext::Encrypt() - OpenFHE integration pending.");
	try {
	// Create a packed plaintext from coefficients
	Plaintext pt = crypto_context_->MakePackedPlaintext(coefficients);
	// Encrypt using the public key
	Ciphertext ct = crypto_context_->Encrypt(public_key, pt);
	return ct;
	} catch (const std::exception& e) {
	return absl::InternalError(
	absl::StrFormat("Encryption failed: %s", e.what()));
	}
	}
	absl::StatusOr<Ciphertext> FHEContext::Encrypt(
	const std::vector<int64_t>& coefficients,
	const PublicKey& public_key) const {
	if (!crypto_context_) {
	return absl::FailedPreconditionError("Crypto context not initialized");
	}
	if (coefficients.size() > static_cast<size_t>(RingParams::kDegree)) {
	return absl::InvalidArgumentError(absl::StrFormat(
	"Too many coefficients: %zu (max: %d)",
	coefficients.size(), RingParams::kDegree));
	}
	try {
	// Create a packed plaintext from coefficients
	Plaintext pt = crypto_context_->MakePackedPlaintext(coefficients);
	// Encrypt using the public key
	Ciphertext ct = crypto_context_->Encrypt(public_key, pt);
	return ct;
	} catch (const std::exception& e) {
	return absl::InternalError(
	absl::StrFormat("Encryption failed: %s", e.what()));
	}
	}

🤖 Prompt for AI Agents

In lib/crypto/fhe_context.cc around lines 84 to 86, the absl::StrFormat uses
"%d" for coefficients.size() (a size_t) which can misrepresent the value on
64-bit systems; change the format specifiers to "%zu" and ensure the second
argument (RingParams::kDegree) is cast to size_t (e.g.
static_cast<size_t>(RingParams::kDegree)) so both arguments match the "%zu"
specifier and the error message prints correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's examine the file mentioned in the review
head -n 150 lib/crypto/fhe_context.cc | tail -n 60

Repository: cryptus-neoxys/f2chat

Length of output: 1796

---

🏁 Script executed:

# Search for OpenFHE Decrypt usage patterns in the codebase
rg "crypto_context_->Decrypt" -A 5 -B 2

Repository: cryptus-neoxys/f2chat

Length of output: 536

---

🏁 Script executed:

# Search for SetLength usage patterns
rg "SetLength" -A 2 -B 2

Repository: cryptus-neoxys/f2chat

Length of output: 47

---

🏁 Script executed:

# Search for GetPackedValue patterns
rg "GetPackedValue" -A 2 -B 2

Repository: cryptus-neoxys/f2chat

Length of output: 372

---

🏁 Script executed:

# Look for DecryptResult or similar types
rg "DecryptResult" -A 2 -B 2

Repository: cryptus-neoxys/f2chat

Length of output: 47

---

🏁 Script executed:

# Check for any OpenFHE includes to understand the API version
rg "#include.*openfhe|#include.*palisade" -A 1

Repository: cryptus-neoxys/f2chat

Length of output: 136

---

🏁 Script executed:

# Check for OpenFHE version or build info
fd -e cmake -e txt | xargs grep -l "openfhe" 2>/dev/null | head -5

Repository: cryptus-neoxys/f2chat

Length of output: 47

---

🏁 Script executed:

# Look for any comments or documentation about OpenFHE usage
rg "openfhe|OpenFHE" -i -B 2 -A 2

Repository: cryptus-neoxys/f2chat

Length of output: 13399

---

🌐 Web query:

OpenFHE Decrypt plaintext SetLength GetPackedValue API documentation

💡 Result:

Quick pointers to the OpenFHE API docs you asked about:

• CryptoContext::Decrypt (returns a Plaintext / DecryptResult variants) — API listing for CryptoContext Decrypt overloads. [1] (openfheorg.github.io)
• Plaintext methods: SetLength / GetLength / GetPackedValue / GetCoefPackedValue / GetCKKSPackedValue / GetRealPackedValue (and related plaintext API). [2] (openfhe-development.readthedocs.io)
• Higher-level PKE encoding docs (how Encode → Encrypt → Decrypt → SetLength fits together). [3] (openfhe-development.readthedocs.io)
• DecryptResult struct (returned/declared types and validity info). [4] (openfhe-development.readthedocs.io)

If you want, I can:

• paste the exact C++/Python signatures and a short usage example (CKKS or BFV), or
• fetch a specific OpenFHE release version's header/docs and link the exact lines.

Citations:

• 1: https://openfheorg.github.io/openfhe-python/html/cryptocontext.html?utm_source=openai
• 2: https://openfhe-development.readthedocs.io/en/latest/api/program_listing_file_pke_include_encoding_plaintext.h.html?utm_source=openai
• 3: https://openfhe-development.readthedocs.io/en/latest/sphinx_rsts/modules/pke/pke_encoding.html?utm_source=openai
• 4: https://openfhe-development.readthedocs.io/en/latest/api/structlbcrypto_1_1DecryptResult.html?utm_source=openai

---

🌐 Web query:

OpenFHE Plaintext SetLength method required usage

💡 Result:

Summary — Plaintext::SetLength in OpenFHE

• Purpose: SetLength(newSize) resizes the internal encoded vector of a Plaintext so printed/decoded output uses the requested number of slots/elements. It is only supported for plaintext types that have a resizable vector (e.g., coef-packed / some packed encodings). If the Plaintext type does not support resizing the default implementation throws "resize not supported". [1][2]

• Typical usage:

  • After decryption you often receive a Plaintext whose internal length may not match the original encoded slot count (for example after rotations, multiparty fusion, scheme-switching, etc.). Call plaintext->SetLength(originalEncodedLength) before printing or extracting values. Example patterns appear in OpenFHE examples and forum posts:
    • plaintext->SetLength(encodedLength);
    • plaintextDec->SetLength(plaintext1->GetLength());
      See forum examples. [3][4]

• Python bindings: openfhe-python exposes SetLength(newSize) with the same semantics (resizes only when the underlying plaintext supports a resizable vector). [1]

• Practical note: If SetLength throws or has no effect, the plaintext type returned by your scheme/encoding does not support resizing — you must use the appropriate encoding or extract values via the provided Get* methods (e.g., GetCKKSPackedValue, GetCoefPackedValue) or construct the plaintext with correct length at Encode/Make*Plaintext time. [1][2]

References

1. openfhe-python Plaintext API (SetLength docs + GetCKKSPackedValue). [openfhe-python docs]. [1]
2. OpenFHE plaintext.h program listing — default SetLength throws "resize not supported". [plaintext.h]. [2]
3. OpenFHE PKE encoding docs (describes Encode → Encrypt → Decrypt → SetLength flow). [3]
4. OpenFHE community examples showing SetLength used after Decrypt/MultipartyDecryptFusion. [4]

If you want, tell me which scheme/encoding and language (C++ or Python) you're using and I’ll show a minimal code example.

---

🏁 Script executed:

# Examine the FHEContext::Create() method to see what encoding is used
rg "FHEContext::Create" -A 30

Repository: cryptus-neoxys/f2chat

Length of output: 8972

---

🏁 Script executed:

# Search for CryptoPPENCODE or encoding details
rg "SetPlaintextModulus|PackedEncoding|SetBatchSize" -A 2 -B 2

Repository: cryptus-neoxys/f2chat

Length of output: 941

---

🏁 Script executed:

# Check if there are any other Decrypt patterns in the codebase
rg "->Decrypt" -B 3 -A 5

Repository: cryptus-neoxys/f2chat

Length of output: 469

---

🏁 Script executed:

# Look at the complete fhe_context.cc file structure
wc -l lib/crypto/fhe_context.cc

Repository: cryptus-neoxys/f2chat

Length of output: 94

---

🏁 Script executed:

# Get the Create method in detail
sed -n '35,100p' lib/crypto/fhe_context.cc

Repository: cryptus-neoxys/f2chat

Length of output: 2318

---

Call SetLength() after decrypt and ensure fixed-size output with zero-padding.

The BGV batch-encoding scheme used here (MakePackedPlaintext) requires calling pt->SetLength(RingParams::kDegree) after decryption to reset the plaintext length for stable GetPackedValue() semantics. Additionally, the result vector should be padded with zeros to exactly RingParams::kDegree coefficients (not just truncated), ensuring callers always receive fixed-degree polynomials regardless of decrypted content.

Regarding DecryptResult validation: the current code uses the void Decrypt(private_key, ciphertext, &pt) overload which is safe, but ensure this overload is intentional (OpenFHE also provides status-returning variants if validation is desired).

🤖 Prompt for AI Agents

In lib/crypto/fhe_context.cc around lines 102 to 126, after decrypting into
Plaintext pt call pt->SetLength(RingParams::kDegree) to fix plaintext length
semantics, then obtain the packed coefficients and ensure the returned vector is
exactly RingParams::kDegree entries by expanding (zero-padding) if shorter or
truncating only if longer; keep the current void Decrypt(private_key,
ciphertext, &pt) overload if that behavior is intentional, otherwise consider
switching to the status-returning variant for explicit validation.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n lib/crypto/fhe_context.cc | sed -n '168,217p'

Repository: cryptus-neoxys/f2chat

Length of output: 1890

---

🏁 Script executed:

python3 << 'EOF'
import sys

# Verify INT64_MIN negation behavior
INT64_MIN = -9223372036854775808
INT64_MAX = 9223372036854775807

print(f"INT64_MIN: {INT64_MIN}")
print(f"INT64_MAX: {INT64_MAX}")

# C++ two's complement behavior
# -INT64_MIN wraps to INT64_MIN itself
negated = -INT64_MIN if INT64_MIN != -9223223372036854775808 else INT64_MIN
print(f"\nNegating INT64_MIN causes undefined behavior")
print(f"In two's complement representation, -INT64_MIN = INT64_MIN")

# The issue: after abs_scalar--;
abs_scalar = INT64_MIN
print(f"\nIf abs_scalar starts as INT64_MIN and we do abs_scalar--:")
print(f"Result would be: {abs_scalar - 1}")

# Check the proposed fix
print("\n--- Proposed Fix Logic ---")
scalar = INT64_MIN
negate = scalar < 0
abs_scalar = 0
if not negate:
    abs_scalar = scalar
elif scalar == INT64_MIN:
    abs_scalar = INT64_MAX + 1  # 2^63
else:
    abs_scalar = -scalar

print(f"scalar={scalar}, negate={negate}")
print(f"abs_scalar={abs_scalar} (using uint64_t: {abs_scalar})")
print(f"After abs_scalar--, would be: {abs_scalar - 1}")

EOF

Repository: cryptus-neoxys/f2chat

Length of output: 151

---

Fix INT64_MIN overflow and remove unused variable in scalar==0 path.
Line 180: zero_pt is declared but never used before the return statement.
Line 191: abs_scalar = negate ? -scalar : scalar; causes undefined behavior when scalar == std::numeric_limits<int64_t>::min() due to integer overflow; negating INT64_MIN wraps in two's complement.
Use uint64_t for abs_scalar with explicit overflow handling for INT64_MIN, and remove the unused zero_pt variable and its initialization.

+#include <limits>
@@
   try {
@@
     if (scalar == 0) {
-      // Return encryption of zeros
-      std::vector<int64_t> zeros(RingParams::kDegree, 0);
-      auto zero_pt = crypto_context_->MakePackedPlaintext(zeros);
       return crypto_context_->EvalAdd(ciphertext, 
              crypto_context_->EvalNegate(ciphertext));
     }
@@
     // Handle negative scalars
     bool negate = scalar < 0;
-    int64_t abs_scalar = negate ? -scalar : scalar;
+    uint64_t abs_scalar = 0;
+    if (!negate) {
+      abs_scalar = static_cast<uint64_t>(scalar);
+    } else if (scalar == std::numeric_limits<int64_t>::min()) {
+      abs_scalar = static_cast<uint64_t>(std::numeric_limits<int64_t>::max()) + 1ULL;
+    } else {
+      abs_scalar = static_cast<uint64_t>(-scalar);
+    }

🤖 Prompt for AI Agents

In lib/crypto/fhe_context.cc around lines 168 to 217, remove the unused zero_pt
variable in the scalar==0 branch and fix potential INT64_MIN overflow by
changing abs_scalar to an unsigned 64-bit value and explicitly handling the
INT64_MIN case: compute abs_scalar as
uint64_t(std::numeric_limits<int64_t>::max())+1 when scalar ==
std::numeric_limits<int64_t>::min(), otherwise set abs_scalar =
static_cast<uint64_t>(negate ? -scalar : scalar); update the loop/shift logic to
use this uint64_t abs_scalar (decrementing and shifting on the unsigned value)
and keep negation handling, and delete the unused MakePackedPlaintext call so
the scalar==0 path simply returns the EvalAdd/EvalNegate result.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

git ls-files test/crypto/fhe_benchmark.cc

Repository: cryptus-neoxys/f2chat

Length of output: 93

---

🏁 Script executed:

wc -l test/crypto/fhe_benchmark.cc

Repository: cryptus-neoxys/f2chat

Length of output: 97

---

🏁 Script executed:

cat -n test/crypto/fhe_benchmark.cc

Repository: cryptus-neoxys/f2chat

Length of output: 6211

---

Benchmark can crash on init/encrypt failures (SkipWithError doesn't stop callers; unchecked .value()).

EnsureInitialized() returns void. If context/keygen fails (lines 20–30), it calls state.SkipWithError() but the function returns, allowing the benchmark to continue and dereference null g_fhe_ctx or use uninitialized g_keys (lines 50, 62, 72, 86–87, 101–102, 115, 128, 141, 156). Additionally, multiple benchmarks call .value() on StatusOr results without checking .ok() (lines 72, 86–87, 101–102, 115, 128, 141, 156–157). The bool g_initialized flag is also accessed without synchronization (line 19), causing a data race under concurrent execution.

🤖 Prompt for AI Agents

In test/crypto/fhe_benchmark.cc around lines 12 to 35, EnsureInitialized
currently returns void, calls state.SkipWithError on failures but still allows
callers to proceed and uses unchecked .value() later, and g_initialized is a
non-synchronized global causing data races; change EnsureInitialized to return a
Status or bool (e.g., bool EnsureInitialized(benchmark::State& state) or Status
EnsureInitialized(...)) and have callers check the return and immediately return
from the benchmark when initialization fails, replace all unchecked .value()
calls with checks of .ok() (propagate or SkipWithError with the Status message)
before dereferencing, and protect initialization with a synchronization
primitive (std::once_flag/std::call_once or a mutex) so
g_fhe_ctx/g_keys/g_initialized are set atomically and no data race occurs.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's check what build files exist in the repo
echo "=== Checking for Bazel build configuration files ==="
ls -la | grep -E "MODULE.bazel|WORKSPACE"
echo ""

# Check if MODULE.bazel exists
if [ -f "MODULE.bazel" ]; then
    echo "=== MODULE.bazel found ==="
    cat MODULE.bazel
    echo ""
fi

# Check WORKSPACE
if [ -f "WORKSPACE" ]; then
    echo "=== WORKSPACE found ==="
    head -100 WORKSPACE
    echo ""
fi

if [ -f "WORKSPACE.bazel" ]; then
    echo "=== WORKSPACE.bazel found ==="
    head -100 WORKSPACE.bazel
    echo ""
fi

Repository: cryptus-neoxys/f2chat

Length of output: 2037

---

🏁 Script executed:

#!/bin/bash
# Check the openfhe.BUILD file to see the exact path usage
echo "=== Checking openfhe.BUILD file ==="
if [ -f "third_party/openfhe.BUILD" ]; then
    cat -n third_party/openfhe.BUILD | head -80
fi

Repository: cryptus-neoxys/f2chat

Length of output: 3303

---

🏁 Script executed:

#!/bin/bash
# Search for references to +_repo_rules+ pattern in the codebase
echo "=== Searching for +_repo_rules+ pattern in codebase ==="
rg "\+_repo_rules\+" --type bazel
echo ""

# Also search for EXT_BUILD_ROOT references
echo "=== Searching for EXT_BUILD_ROOT usage ==="
rg "EXT_BUILD_ROOT" --type bazel -B 2 -A 2

Repository: cryptus-neoxys/f2chat

Length of output: 1304

---

🏁 Script executed:

#!/bin/bash
# Check if there are any test files, BUILD logs, or documentation
echo "=== Searching for build artifacts or test results ==="
find . -type f \( -name "*.log" -o -name "*test*" -o -name "BUILD_LOG*" \) 2>/dev/null | head -20
echo ""

# Check for any documentation or comments about the build
echo "=== Searching for comments about openfhe paths ==="
rg "openfhe|EXT_BUILD_ROOT" --type markdown --type txt -B 2 -A 2

Repository: cryptus-neoxys/f2chat

Length of output: 1837

---

🏁 Script executed:

#!/bin/bash
# Look for rules_foreign_cc usage patterns in the codebase
echo "=== Checking rules_foreign_cc imports and usage ==="
rg "rules_foreign_cc|postfix_script" -B 3 -A 3 --type bazel

Repository: cryptus-neoxys/f2chat

Length of output: 1400

---

🌐 Web query:

rules_foreign_cc postfix_script EXT_BUILD_ROOT path variables bzlmod git_repository

💡 Result:

Short answer — what these names mean and how they interact:

• EXT_BUILD_ROOT: an internal path-prefix used by rules_foreign_cc when it expands $(execpath …) / similar Make-style path variables inside env strings and scripts. rules_foreign_cc will rewrite such substitutions to include an EXT_BUILD_ROOT prefix so the foreign build scripts see the correct execroot-relative paths. See the rules_foreign_cc docs and related notes. [1][2]

• postfix_script: a rules_foreign_cc attribute (script) executed after the foreign build/install step; it runs from the external build output area and therefore any $(execpath …)/$(location …) substitutions the rule performs are relative to the EXT_BUILD_ROOT-aware execroot locations. Use the rule’s documented env/path substitution behavior when writing postfix_script. [1]

• bzlmod / git_repository: Bzlmod (MODULE.bazel) is the module system and changes how external repos are declared/resolved. While traditional repository rules (git_repository, http_archive, new_git_repository) still exist, Bzlmod prefers module declarations (bazel_dep) and module override primitives (e.g., local_path_override, git_override) rather than putting git_repository entries in WORKSPACE. For fetching third‑party sources under Bzlmod prefer the module registry (bazel_dep) or http_archive equivalents; use module overrides for local or git-based replacements. Also Bazel docs recommend http_archive over git_repository when possible. [3][4][5]

Practical guidance:

• If you see references to $$EXT_BUILD_ROOT$$ in a postfix_script/env value, treat them as the rules_foreign_cc runtime prefix and prefer using Bazel path variables ($(execpath …)/$(location …)) — rules_foreign_cc will prepend EXT_BUILD_ROOT as needed. If a script fails to find files, inspect how $(execpath) was expanded (EXT_BUILD_ROOT + exec path). [2][1]
• If moving to Bzlmod (MODULE.bazel), stop adding git_repository entries to WORKSPACE; instead add a bazel_dep or use local_path_override/git_override in MODULE.bazel or provide the dependency as a module in the registry. If you must use repository rules, prefer http_archive. [5][3][4]

Sources:

• rules_foreign_cc documentation (usage, env/postfix handling). [1]
• blog post / example discussing EXT_BUILD_ROOT and how rules_foreign_cc rewrites $(execpath) in env values. [2]
• Bazel external-dependencies and git_repository guidance (prefer http_archive; new_git_repository API). [3]
• Bzlmod / MODULE.bazel migration and overrides (bazel_dep, local_path_override, git_override). [5]

If you want, tell me: (a) a short excerpt of your postfix_script or env lines and I’ll show exactly how to rewrite them for Bzlmod, or (b) whether you’re using WORKSPACE or MODULE.bazel and I’ll give exact repo-declaration snippets.

---

🌐 Web query:

bazel bzlmod external repository naming convention +_repo_rules+

💡 Result:

Short summary — Bazel (Bzlmod) repo-naming rules

• Two names: canonical (globally unique, on-disk) and apparent/local (what you use in BUILD/.bzl). [1][2].
• Canonical format (not a stable public API — may change):
  • Module repos: module_nameversion (or module_name.version in some docs/releases). Example: @bazel_skylib1.0.3 / @bazel_skylib.1.0.3. [1][4].
  • Module-extension repos: module_nameversionextension_namerepo_name (or dots/periods variant). Example: @rules_cc0.0.1cc_configurelocal_config_cc. [1][4].
• Apparent/local name: by default the module name; can be overridden with repo_name in bazel_dep/module or introduced via use_repo for extensions. Use that name in BUILD/.bzl files; Bazel maps it to the canonical name with repository mapping. [1][2].
• Generated/private repos (from module extensions or use_repo_rule) follow the canonical pattern and live under external/<canonical_name> — but you should rely on repository mapping / use_repo instead of hardcoding canonical names. [1][3].
• Important: docs explicitly warn the canonical-name string format is not stable API — prefer repo_name, use_repo and repository mappings to refer to repos. [1][4].

Sources: Bazel Bzlmod docs and migration guide. [1][2][4]

---

Postfix script hardcodes bzlmod internal repository naming, which is not a stable API.

The path $$EXT_BUILD_ROOT$$/external/+_repo_rules+openfhe/... relies on Bazel's internal canonical naming format for bzlmod-generated repositories. Bazel documentation explicitly warns this format is not stable and may change. Additionally, hardcoding these paths violates Bazel best practices—you should use documented path variables and repository mapping instead.

Recommended fixes:

• Use relative paths from the build working directory (e.g., ../../../external/openfhe/...) or rules_foreign_cc's documented $(execpath ...) / $(location ...) substitutions, which rules_foreign_cc properly resolves with EXT_BUILD_ROOT
• If accessing source files directly, verify the actual path the CMake build produces and use that instead of assuming the external repo structure
• Document this as a known dependency on bzlmod internals and test regularly against new Bazel versions

🤖 Prompt for AI Agents

In third_party/openfhe.BUILD around lines 51-65, the postfix_script uses Bazel
bzlmod internal repo names
(`$$EXT_BUILD_ROOT$$/external/+_repo_rules+openfhe/...`) which is unstable;
replace the hardcoded internal path with documented substitutions or resolved
locations. Update the script to use rules_foreign_cc-supported path
substitutions (e.g., use $(execpath ...) or $(location ...) / the official
$$EXT_BUILD_ROOT$$ expansion as provided by rules_foreign_cc) or switch to a
relative path from the build outputs that mirrors where CMake actually places
the headers (e.g., copy from the build output/include path produced by the
build), and remove any `+_repo_rules+*` canonical names; ensure the chosen
substitution is tested by running the rule so the resolved path is valid across
Bazel versions.

[coderabbitai]

Here are the copyable unit test edits:

Copyable Edits

test/crypto/encrypted_polynomial_test.cc

@@ -222,5 +222,752 @@
   }
 }
 
+
+// ============================================================================
+// Extended Edge Case and Error Handling Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, EncryptEmptyCoefficients) {
+  // Test encrypting empty coefficient vector
+  std::vector<int64_t> empty;
+  auto enc_or = fhe_ctx_->Encrypt(empty, keys_.public_key);
+  ASSERT_TRUE(enc_or.ok()) << "Empty vector encryption should succeed";
+  
+  // Decrypt should return empty or zero-filled vector
+  auto dec_or = fhe_ctx_->Decrypt(enc_or.value(), keys_.private_key);
+  ASSERT_TRUE(dec_or.ok());
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptMaxSizeCoefficients) {
+  // Test encrypting maximum allowed coefficients
+  std::vector<int64_t> max_coeffs(RingParams::kDegree, 42);
+  auto enc_or = fhe_ctx_->Encrypt(max_coeffs, keys_.public_key);
+  ASSERT_TRUE(enc_or.ok()) << "Max size encryption should succeed";
+  
+  auto dec_or = fhe_ctx_->Decrypt(enc_or.value(), keys_.private_key);
+  ASSERT_TRUE(dec_or.ok());
+  
+  // Verify first few coefficients
+  for (int i = 0; i < std::min(10, static_cast<int>(max_coeffs.size())); ++i) {
+    EXPECT_EQ(dec_or.value()[i], 42);
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptOversizedCoefficients) {
+  // Test encrypting more coefficients than allowed
+  std::vector<int64_t> oversized(RingParams::kDegree + 10, 1);
+  auto enc_or = fhe_ctx_->Encrypt(oversized, keys_.public_key);
+  EXPECT_FALSE(enc_or.ok()) << "Oversized encryption should fail";
+  EXPECT_EQ(enc_or.status().code(), absl::StatusCode::kInvalidArgument);
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptLargeCoefficients) {
+  // Test encrypting coefficients near modulus boundary
+  std::vector<int64_t> large = {
+    RingParams::kModulus - 1,
+    RingParams::kModulus - 2,
+    RingParams::kModulus / 2,
+    1
+  };
+  
+  auto enc_or = fhe_ctx_->Encrypt(large, keys_.public_key);
+  ASSERT_TRUE(enc_or.ok());
+  
+  auto dec_or = fhe_ctx_->Decrypt(enc_or.value(), keys_.private_key);
+  ASSERT_TRUE(dec_or.ok());
+  
+  // Values should be preserved modulo the modulus
+  for (size_t i = 0; i < large.size(); ++i) {
+    int64_t expected = large[i] % RingParams::kModulus;
+    EXPECT_EQ(dec_or.value()[i], expected);
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptNegativeCoefficients) {
+  // Test encrypting negative coefficients
+  std::vector<int64_t> negative = {-1, -10, -100, -1000};
+  
+  auto enc_or = fhe_ctx_->Encrypt(negative, keys_.public_key);
+  ASSERT_TRUE(enc_or.ok());
+  
+  auto dec_or = fhe_ctx_->Decrypt(enc_or.value(), keys_.private_key);
+  ASSERT_TRUE(dec_or.ok());
+  
+  // Negative values should wrap around modulus
+  for (size_t i = 0; i < negative.size(); ++i) {
+    int64_t expected = ((negative[i] % RingParams::kModulus) + RingParams::kModulus) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(dec_or.value()[i], expected);
+  }
+}
+
+// ============================================================================
+// Scalar Multiplication Edge Cases
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByZero) {
+  // Test scalar multiplication by zero
+  std::vector<int64_t> a = {1, 2, 3, 4, 5};
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), 0);
+  ASSERT_TRUE(enc_product.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // All coefficients should be zero
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], 0) << "Zero multiplication at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByOne) {
+  // Test scalar multiplication by one (identity)
+  std::vector<int64_t> a = {7, 14, 21, 28};
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), 1);
+  ASSERT_TRUE(enc_product.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should be unchanged
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], a[i]) << "Identity at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByNegative) {
+  // Test scalar multiplication by negative scalar
+  std::vector<int64_t> a = {10, 20, 30, 40};
+  int64_t scalar = -3;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), scalar);
+  ASSERT_TRUE(enc_product.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify negative scalar multiplication
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = ((a[i] * scalar) % RingParams::kModulus + RingParams::kModulus) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) << "Negative scalar at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByLargeScalar) {
+  // Test scalar multiplication by large scalar
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  int64_t scalar = 1000;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), scalar);
+  ASSERT_TRUE(enc_product.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify large scalar multiplication
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (a[i] * scalar) % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) << "Large scalar at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyPowerOfTwo) {
+  // Test scalar multiplication by powers of 2 (efficient binary path)
+  std::vector<int64_t> a = {5, 10, 15, 20};
+  
+  for (int power = 1; power <= 5; ++power) {
+    int64_t scalar = 1 << power;  // 2^power
+    
+    auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+    ASSERT_TRUE(enc_a.ok());
+    
+    auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), scalar);
+    ASSERT_TRUE(enc_product.ok());
+    
+    auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+    ASSERT_TRUE(decrypted.ok());
+    
+    for (size_t i = 0; i < a.size(); ++i) {
+      int64_t expected = (a[i] * scalar) % RingParams::kModulus;
+      EXPECT_EQ(decrypted.value()[i], expected) 
+          << "Power of 2 (" << scalar << ") at index " << i;
+    }
+  }
+}
+
+// ============================================================================
+// Rotation Edge Cases
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, RotateByZero) {
+  // Test rotation by zero (identity)
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), 0);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should be unchanged
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], a[i]) << "Zero rotation at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, RotateNegative) {
+  // Test negative rotation (rotate left)
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  int positions = -3;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), positions);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify rotation (left by 3 means position 0 gets value from position 3)
+  EXPECT_EQ(decrypted.value()[0], a[3]) << "Negative rotation check at index 0";
+  EXPECT_EQ(decrypted.value()[1], a[4]) << "Negative rotation check at index 1";
+}
+
+TEST_F(EncryptedPolynomialTest, RotateFullCycle) {
+  // Test rotating by full ring dimension
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  // Rotating by RingParams::kDegree should be identity (modulo ring size)
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), RingParams::kDegree);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should be back to original (modulo effects may apply)
+  SUCCEED() << "Full cycle rotation completed";
+}
+
+TEST_F(EncryptedPolynomialTest, RotateLargePositions) {
+  // Test rotation by large position values
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  // Rotate by a large but valid position
+  int large_pos = RingParams::kDegree / 2;
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), large_pos);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  SUCCEED() << "Large position rotation completed";
+}
+
+// ============================================================================
+// Addition/Subtraction Edge Cases
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, AddWithZeroVector) {
+  // Test adding encrypted zero vector
+  std::vector<int64_t> a = {10, 20, 30, 40};
+  std::vector<int64_t> zeros(a.size(), 0);
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_zeros = fhe_ctx_->Encrypt(zeros, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_zeros.ok());
+  
+  auto enc_sum = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_zeros.value());
+  ASSERT_TRUE(enc_sum.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_sum.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should equal original
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], a[i]) << "Add zero at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, SubtractSameVector) {
+  // Test subtracting vector from itself (should give zero)
+  std::vector<int64_t> a = {15, 30, 45, 60};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_diff = fhe_ctx_->HomomorphicSubtract(enc_a.value(), enc_a.value());
+  ASSERT_TRUE(enc_diff.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_diff.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // All should be zero
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], 0) << "Self-subtract at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, SubtractionUnderflow) {
+  // Test subtraction that would underflow (wraps around modulus)
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  std::vector<int64_t> b = {10, 20, 30, 40};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  auto enc_diff = fhe_ctx_->HomomorphicSubtract(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(enc_diff.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_diff.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should wrap around modulus
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = ((a[i] - b[i]) % RingParams::kModulus + RingParams::kModulus) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) << "Underflow at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, AdditionOverflow) {
+  // Test addition that causes modular overflow
+  std::vector<int64_t> a = {RingParams::kModulus - 10, RingParams::kModulus - 5, 
+                             RingParams::kModulus - 1, RingParams::kModulus - 2};
+  std::vector<int64_t> b = {20, 10, 5, 3};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  auto enc_sum = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(enc_sum.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_sum.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should wrap around modulus
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (a[i] + b[i]) % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) << "Overflow at index " << i;
+  }
+}
+
+// ============================================================================
+// EncryptedPolynomial High-Level API Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialRoundtrip) {
+  // Test EncryptedPolynomial encrypt/decrypt roundtrip
+  Polynomial poly({11, 22, 33, 44, 55});
+  
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  auto dec_poly_or = enc_poly_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec_poly_or.ok());
+  
+  // Verify coefficients match
+  const auto& orig_coeffs = poly.coefficients();
+  const auto& dec_coeffs = dec_poly_or.value().coefficients();
+  
+  for (size_t i = 0; i < orig_coeffs.size(); ++i) {
+    EXPECT_EQ(dec_coeffs[i], orig_coeffs[i]) << "Roundtrip at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialAdd) {
+  // Test EncryptedPolynomial::Add
+  Polynomial poly1({5, 10, 15, 20});
+  Polynomial poly2({1, 2, 3, 4});
+  
+  auto enc1 = EncryptedPolynomial::Encrypt(poly1, keys_.public_key, *fhe_ctx_);
+  auto enc2 = EncryptedPolynomial::Encrypt(poly2, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc1.ok() && enc2.ok());
+  
+  auto enc_sum = enc1.value().Add(enc2.value(), *fhe_ctx_);
+  ASSERT_TRUE(enc_sum.ok());
+  
+  auto dec = enc_sum.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Verify addition
+  const auto& coeffs1 = poly1.coefficients();
+  const auto& coeffs2 = poly2.coefficients();
+  const auto& result = dec.value().coefficients();
+  
+  for (size_t i = 0; i < coeffs1.size(); ++i) {
+    int64_t expected = (coeffs1[i] + coeffs2[i]) % RingParams::kModulus;
+    EXPECT_EQ(result[i], expected) << "EncryptedPolynomial add at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialSubtract) {
+  // Test EncryptedPolynomial::Subtract
+  Polynomial poly1({50, 100, 150, 200});
+  Polynomial poly2({5, 10, 15, 20});
+  
+  auto enc1 = EncryptedPolynomial::Encrypt(poly1, keys_.public_key, *fhe_ctx_);
+  auto enc2 = EncryptedPolynomial::Encrypt(poly2, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc1.ok() && enc2.ok());
+  
+  auto enc_diff = enc1.value().Subtract(enc2.value(), *fhe_ctx_);
+  ASSERT_TRUE(enc_diff.ok());
+  
+  auto dec = enc_diff.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Verify subtraction
+  const auto& coeffs1 = poly1.coefficients();
+  const auto& coeffs2 = poly2.coefficients();
+  const auto& result = dec.value().coefficients();
+  
+  for (size_t i = 0; i < coeffs1.size(); ++i) {
+    int64_t expected = (coeffs1[i] - coeffs2[i] + RingParams::kModulus) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(result[i], expected) << "EncryptedPolynomial subtract at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialMultiplyScalar) {
+  // Test EncryptedPolynomial::MultiplyScalar
+  Polynomial poly({3, 6, 9, 12});
+  int64_t scalar = 7;
+  
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto enc_scaled = enc.value().MultiplyScalar(scalar, *fhe_ctx_);
+  ASSERT_TRUE(enc_scaled.ok());
+  
+  auto dec = enc_scaled.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Verify scalar multiplication
+  const auto& coeffs = poly.coefficients();
+  const auto& result = dec.value().coefficients();
+  
+  for (size_t i = 0; i < coeffs.size(); ++i) {
+    int64_t expected = (coeffs[i] * scalar) % RingParams::kModulus;
+    EXPECT_EQ(result[i], expected) << "EncryptedPolynomial scalar mult at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialRotate) {
+  // Test EncryptedPolynomial::Rotate
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  int positions = 3;
+  
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto enc_rotated = enc.value().Rotate(positions, *fhe_ctx_);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto dec = enc_rotated.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  const auto& result = dec.value().coefficients();
+  const auto& orig = poly.coefficients();
+  
+  // Verify rotation
+  EXPECT_EQ(result[0], orig[3]) << "EncryptedPolynomial rotation check at 0";
+  EXPECT_EQ(result[1], orig[4]) << "EncryptedPolynomial rotation check at 1";
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialNegate) {
+  // Test EncryptedPolynomial::Negate
+  Polynomial poly({10, 20, 30, 40});
+  
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto enc_negated = enc.value().Negate(*fhe_ctx_);
+  ASSERT_TRUE(enc_negated.ok());
+  
+  auto dec = enc_negated.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Verify negation
+  const auto& coeffs = poly.coefficients();
+  const auto& result = dec.value().coefficients();
+  
+  for (size_t i = 0; i < coeffs.size(); ++i) {
+    int64_t expected = (RingParams::kModulus - coeffs[i]) % RingParams::kModulus;
+    EXPECT_EQ(result[i], expected) << "EncryptedPolynomial negate at index " << i;
+  }
+}
+
+// ============================================================================
+// Character Projection Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionInvalidIndex) {
+  // Test character projection with invalid index
+  Polynomial poly({1, 2, 3, 4});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  // Negative index
+  auto proj_neg = enc.value().ProjectToCharacter(-1, *fhe_ctx_);
+  EXPECT_FALSE(proj_neg.ok());
+  EXPECT_EQ(proj_neg.status().code(), absl::StatusCode::kInvalidArgument);
+  
+  // Index too large
+  auto proj_large = enc.value().ProjectToCharacter(RingParams::kNumCharacters + 1, *fhe_ctx_);
+  EXPECT_FALSE(proj_large.ok());
+  EXPECT_EQ(proj_large.status().code(), absl::StatusCode::kInvalidArgument);
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionAllCharacters) {
+  // Test projecting onto all characters
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto projections_or = enc.value().ProjectToAllCharacters(*fhe_ctx_);
+  ASSERT_TRUE(projections_or.ok());
+  
+  const auto& projections = projections_or.value();
+  EXPECT_EQ(projections.size(), static_cast<size_t>(RingParams::kNumCharacters));
+  
+  // Verify each projection can be decrypted
+  for (size_t i = 0; i < projections.size(); ++i) {
+    auto dec = projections[i].Decrypt(keys_.private_key, *fhe_ctx_);
+    ASSERT_TRUE(dec.ok()) << "Projection " << i << " decryption failed";
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionIdentity) {
+  // Character 0 should be identity (sum of all rotations / n)
+  Polynomial poly({10, 10, 10, 10, 10, 10, 10, 10});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto proj_or = enc.value().ProjectToCharacter(0, *fhe_ctx_);
+  ASSERT_TRUE(proj_or.ok());
+  
+  auto dec = proj_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // For constant polynomial, character 0 projection should give meaningful result
+  SUCCEED() << "Character 0 projection completed successfully";
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionOrthogonality) {
+  // Test that different character projections give different results
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  // Project onto characters 0 and 1
+  auto proj0 = enc.value().ProjectToCharacter(0, *fhe_ctx_);
+  auto proj1 = enc.value().ProjectToCharacter(1, *fhe_ctx_);
+  ASSERT_TRUE(proj0.ok() && proj1.ok());
+  
+  auto dec0 = proj0.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec1 = proj1.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec0.ok() && dec1.ok());
+  
+  // Different characters should give different projections
+  // (exact values depend on DFT implementation, just verify they complete)
+  SUCCEED() << "Character orthogonality test completed";
+}
+
+// ============================================================================
+// Complex Operation Chaining Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, ChainedOperations) {
+  // Test chaining multiple operations: (a + b) * scalar - c
+  Polynomial a({1, 2, 3, 4});
+  Polynomial b({5, 6, 7, 8});
+  Polynomial c({2, 3, 4, 5});
+  int64_t scalar = 3;
+  
+  auto enc_a = EncryptedPolynomial::Encrypt(a, keys_.public_key, *fhe_ctx_);
+  auto enc_b = EncryptedPolynomial::Encrypt(b, keys_.public_key, *fhe_ctx_);
+  auto enc_c = EncryptedPolynomial::Encrypt(c, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok() && enc_c.ok());
+  
+  // (a + b)
+  auto sum = enc_a.value().Add(enc_b.value(), *fhe_ctx_);
+  ASSERT_TRUE(sum.ok());
+  
+  // (a + b) * scalar
+  auto scaled = sum.value().MultiplyScalar(scalar, *fhe_ctx_);
+  ASSERT_TRUE(scaled.ok());
+  
+  // (a + b) * scalar - c
+  auto result = scaled.value().Subtract(enc_c.value(), *fhe_ctx_);
+  ASSERT_TRUE(result.ok());
+  
+  auto dec = result.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Verify: (a[i] + b[i]) * scalar - c[i]
+  for (size_t i = 0; i < a.coefficients().size(); ++i) {
+    int64_t expected = (((a.coefficients()[i] + b.coefficients()[i]) * scalar) 
+                        - c.coefficients()[i] + RingParams::kModulus * 2) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(dec.value().coefficients()[i], expected) 
+        << "Chained operations at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, DeepChainedAdditions) {
+  // Test deep chaining (stress test for depth-0 operations)
+  Polynomial poly({1, 1, 1, 1});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = enc.value();
+  int num_additions = 10;
+  
+  // Add to itself multiple times
+  for (int i = 0; i < num_additions; ++i) {
+    auto sum = result.Add(enc.value(), *fhe_ctx_);
+    ASSERT_TRUE(sum.ok()) << "Addition failed at iteration " << i;
+    result = sum.value();
+  }
+  
+  auto dec = result.Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  // Should equal (num_additions + 1) * original
+  int64_t expected = (num_additions + 1) % RingParams::kModulus;
+  EXPECT_EQ(dec.value().coefficients()[0], expected);
+}
+
+TEST_F(EncryptedPolynomialTest, MixedOperationsOrder) {
+  // Test different orderings of operations
+  Polynomial poly({10, 20, 30, 40});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  // Path 1: rotate then scale
+  auto rot1 = enc.value().Rotate(2, *fhe_ctx_);
+  ASSERT_TRUE(rot1.ok());
+  auto scaled1 = rot1.value().MultiplyScalar(2, *fhe_ctx_);
+  ASSERT_TRUE(scaled1.ok());
+  
+  // Path 2: scale then rotate
+  auto scaled2 = enc.value().MultiplyScalar(2, *fhe_ctx_);
+  ASSERT_TRUE(scaled2.ok());
+  auto rot2 = scaled2.value().Rotate(2, *fhe_ctx_);
+  ASSERT_TRUE(rot2.ok());
+  
+  // Both paths should give same result
+  auto dec1 = scaled1.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec2 = rot2.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Verify they match
+  for (size_t i = 0; i < std::min(dec1.value().coefficients().size(),
+                                   dec2.value().coefficients().size()); ++i) {
+    EXPECT_EQ(dec1.value().coefficients()[i], dec2.value().coefficients()[i])
+        << "Operation order commutativity at index " << i;
+  }
+}
+
+// ============================================================================
+// Debug and Utility Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, DebugStringFormat) {
+  // Test DebugString doesn't crash and returns meaningful format
+  Polynomial poly({1, 2, 3});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  std::string debug_str = enc.value().DebugString();
+  EXPECT_FALSE(debug_str.empty());
+  EXPECT_NE(debug_str.find("EncryptedPolynomial"), std::string::npos);
+  EXPECT_NE(debug_str.find("ciphertext_ptr"), std::string::npos);
+}
+
+TEST_F(EncryptedPolynomialTest, CiphertextAccessor) {
+  // Test ciphertext accessor
+  Polynomial poly({1, 2, 3});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  const auto& ct = enc.value().ciphertext();
+  EXPECT_TRUE(ct != nullptr) << "Ciphertext should not be null";
+}
+
+// ============================================================================
+// FHEContext Parameter Tests
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, FHEContextParameters) {
+  // Verify FHE context parameters match RingParams
+  EXPECT_EQ(fhe_ctx_->ring_dimension(), RingParams::kDegree);
+  EXPECT_EQ(fhe_ctx_->modulus(), RingParams::kModulus);
+  EXPECT_TRUE(fhe_ctx_->crypto_context() != nullptr);
+}
+
+TEST_F(EncryptedPolynomialTest, MultipleContextCreation) {
+  // Test creating multiple FHE contexts
+  auto ctx1_or = FHEContext::Create();
+  auto ctx2_or = FHEContext::Create();
+  
+  ASSERT_TRUE(ctx1_or.ok());
+  ASSERT_TRUE(ctx2_or.ok());
+  
+  // Both should have same parameters
+  EXPECT_EQ(ctx1_or.value().ring_dimension(), ctx2_or.value().ring_dimension());
+  EXPECT_EQ(ctx1_or.value().modulus(), ctx2_or.value().modulus());
+}
+
+TEST_F(EncryptedPolynomialTest, KeyPairIndependence) {
+  // Test that different key pairs are independent
+  auto keys1_or = fhe_ctx_->GenerateKeyPair();
+  auto keys2_or = fhe_ctx_->GenerateKeyPair();
+  ASSERT_TRUE(keys1_or.ok() && keys2_or.ok());
+  
+  Polynomial poly({42, 84, 126});
+  
+  // Encrypt with keys1
+  auto enc1 = EncryptedPolynomial::Encrypt(poly, keys1_or.value().public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc1.ok());
+  
+  // Should decrypt with keys1
+  auto dec1 = enc1.value().Decrypt(keys1_or.value().private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec1.ok());
+  EXPECT_EQ(dec1.value().coefficients()[0], 42);
+  
+  // Encrypt with keys2
+  auto enc2 = EncryptedPolynomial::Encrypt(poly, keys2_or.value().public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc2.ok());
+  
+  // Should decrypt with keys2
+  auto dec2 = enc2.value().Decrypt(keys2_or.value().private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec2.ok());
+  EXPECT_EQ(dec2.value().coefficients()[0], 42);
+}
+
 }  // namespace
 }  // namespace f2chat

[coderabbitai]

Here are the copyable unit test edits:

Copyable Edits

test/crypto/encrypted_polynomial_test.cc

@@ -222,5 +222,664 @@
   }
 }
 
+
+// ============================================================================
+// Additional Comprehensive Tests for FHE Operations
+// ============================================================================
+
+// Edge case tests for encryption/decryption
+TEST_F(EncryptedPolynomialTest, EncryptionWithZeroCoefficients) {
+  // Test encryption of all-zero polynomial
+  std::vector<int64_t> zeros(RingParams::kDegree, 0);
+  
+  auto enc = fhe_ctx_->Encrypt(zeros, keys_.public_key);
+  ASSERT_TRUE(enc.ok()) << "Zero encryption failed: " << enc.status();
+  
+  auto dec = fhe_ctx_->Decrypt(enc.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < zeros.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], 0) << "Zero mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptionWithLargeCoefficients) {
+  // Test encryption near modulus boundary
+  std::vector<int64_t> large = {
+    RingParams::kModulus - 1,
+    RingParams::kModulus - 2,
+    RingParams::kModulus - 100,
+    RingParams::kModulus / 2
+  };
+  
+  auto enc = fhe_ctx_->Encrypt(large, keys_.public_key);
+  ASSERT_TRUE(enc.ok()) << "Large value encryption failed: " << enc.status();
+  
+  auto dec = fhe_ctx_->Decrypt(enc.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < large.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], large[i]) << "Large value mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptionWithSingleNonZero) {
+  // Test sparse polynomial (one non-zero coefficient)
+  std::vector<int64_t> sparse(RingParams::kDegree, 0);
+  sparse[0] = 42;
+  
+  auto enc = fhe_ctx_->Encrypt(sparse, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(enc.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  EXPECT_EQ(dec.value()[0], 42) << "Sparse coefficient mismatch";
+  for (size_t i = 1; i < 10; ++i) {
+    EXPECT_EQ(dec.value()[i], 0) << "Expected zero at index " << i;
+  }
+}
+
+// Comprehensive tests for scalar multiplication edge cases
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByZero) {
+  // Multiplying by zero should yield zero polynomial
+  std::vector<int64_t> data = {1, 2, 3, 4, 5};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), 0);
+  ASSERT_TRUE(result.ok()) << "Scalar multiply by 0 failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], 0) << "Expected zero after multiply by 0";
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByOne) {
+  // Multiplying by one should be identity
+  std::vector<int64_t> data = {7, 14, 21, 28};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), 1);
+  ASSERT_TRUE(result.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], data[i]) << "Multiply by 1 changed value at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByNegativeOne) {
+  // Multiplying by -1 should negate
+  std::vector<int64_t> data = {10, 20, 30, 40};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), -1);
+  ASSERT_TRUE(result.ok()) << "Scalar multiply by -1 failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    int64_t expected = (RingParams::kModulus - data[i]) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Negation mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByLargeValue) {
+  // Test with large scalar value
+  std::vector<int64_t> data = {1, 2, 3};
+  int64_t large_scalar = 1000;
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), large_scalar);
+  ASSERT_TRUE(result.ok()) << "Large scalar multiply failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    int64_t expected = (data[i] * large_scalar) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Large scalar multiply mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ScalarMultiplyByNegativeValue) {
+  // Test with negative scalar
+  std::vector<int64_t> data = {5, 10, 15};
+  int64_t neg_scalar = -3;
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), neg_scalar);
+  ASSERT_TRUE(result.ok()) << "Negative scalar multiply failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    // For negative multiplication: -3 * 5 = -15 ≡ (kModulus - 15) mod kModulus
+    int64_t raw_result = data[i] * neg_scalar;
+    int64_t expected = raw_result < 0 
+        ? (RingParams::kModulus + (raw_result % RingParams::kModulus)) % RingParams::kModulus
+        : raw_result % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Negative scalar multiply mismatch at index " << i;
+  }
+}
+
+// Comprehensive rotation tests
+TEST_F(EncryptedPolynomialTest, RotationByZero) {
+  // Rotation by 0 should be identity
+  std::vector<int64_t> data = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicRotate(enc.value(), 0);
+  ASSERT_TRUE(result.ok()) << "Rotation by 0 failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < data.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], data[i]) << "Rotation by 0 changed value at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, RotationByOne) {
+  // Basic rotation test
+  std::vector<int64_t> data = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicRotate(enc.value(), 1);
+  ASSERT_TRUE(result.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  // After rotation by 1: position 0 gets value from position 1
+  EXPECT_EQ(dec.value()[0], data[1]) << "Rotation by 1 failed at index 0";
+  EXPECT_EQ(dec.value()[1], data[2]) << "Rotation by 1 failed at index 1";
+}
+
+TEST_F(EncryptedPolynomialTest, RotationByNegative) {
+  // Test negative rotation (rotate left)
+  std::vector<int64_t> data = {10, 20, 30, 40, 50, 60, 70, 80};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = fhe_ctx_->HomomorphicRotate(enc.value(), -2);
+  ASSERT_TRUE(result.ok()) << "Negative rotation failed: " << result.status();
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  // Negative rotation shifts in the opposite direction
+  // Verify at least that decryption succeeds and values are from original set
+  bool found_expected = false;
+  for (size_t i = 0; i < data.size(); ++i) {
+    for (size_t j = 0; j < data.size(); ++j) {
+      if (dec.value()[i] == data[j]) {
+        found_expected = true;
+        break;
+      }
+    }
+    EXPECT_TRUE(found_expected) << "Unexpected value after negative rotation at index " << i;
+    found_expected = false;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, RotationCommutativity) {
+  // Verify rotation(a) + rotation(b) = rotation(a+b)
+  std::vector<int64_t> data = {1, 2, 3, 4, 5, 6, 7, 8};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  // Rotate by 2, then by 3
+  auto rot2 = fhe_ctx_->HomomorphicRotate(enc.value(), 2);
+  ASSERT_TRUE(rot2.ok());
+  auto rot2_then_3 = fhe_ctx_->HomomorphicRotate(rot2.value(), 3);
+  ASSERT_TRUE(rot2_then_3.ok());
+  
+  // Rotate directly by 5
+  auto rot5 = fhe_ctx_->HomomorphicRotate(enc.value(), 5);
+  ASSERT_TRUE(rot5.ok());
+  
+  // Decrypt both
+  auto dec_combined = fhe_ctx_->Decrypt(rot2_then_3.value(), keys_.private_key);
+  auto dec_direct = fhe_ctx_->Decrypt(rot5.value(), keys_.private_key);
+  ASSERT_TRUE(dec_combined.ok() && dec_direct.ok());
+  
+  // Should be equal
+  for (size_t i = 0; i < data.size(); ++i) {
+    EXPECT_EQ(dec_combined.value()[i], dec_direct.value()[i])
+        << "Rotation commutativity failed at index " << i;
+  }
+}
+
+// Tests for add/subtract commutativity and properties
+TEST_F(EncryptedPolynomialTest, AdditionCommutativity) {
+  // Verify a + b = b + a
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  std::vector<int64_t> b = {5, 6, 7, 8};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  auto a_plus_b = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  auto b_plus_a = fhe_ctx_->HomomorphicAdd(enc_b.value(), enc_a.value());
+  ASSERT_TRUE(a_plus_b.ok() && b_plus_a.ok());
+  
+  auto dec_ab = fhe_ctx_->Decrypt(a_plus_b.value(), keys_.private_key);
+  auto dec_ba = fhe_ctx_->Decrypt(b_plus_a.value(), keys_.private_key);
+  ASSERT_TRUE(dec_ab.ok() && dec_ba.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec_ab.value()[i], dec_ba.value()[i])
+        << "Addition not commutative at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, AdditionAssociativity) {
+  // Verify (a + b) + c = a + (b + c)
+  std::vector<int64_t> a = {1, 2, 3};
+  std::vector<int64_t> b = {4, 5, 6};
+  std::vector<int64_t> c = {7, 8, 9};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  auto enc_c = fhe_ctx_->Encrypt(c, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok() && enc_c.ok());
+  
+  // (a + b) + c
+  auto ab = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(ab.ok());
+  auto ab_c = fhe_ctx_->HomomorphicAdd(ab.value(), enc_c.value());
+  ASSERT_TRUE(ab_c.ok());
+  
+  // a + (b + c)
+  auto bc = fhe_ctx_->HomomorphicAdd(enc_b.value(), enc_c.value());
+  ASSERT_TRUE(bc.ok());
+  auto a_bc = fhe_ctx_->HomomorphicAdd(enc_a.value(), bc.value());
+  ASSERT_TRUE(a_bc.ok());
+  
+  auto dec1 = fhe_ctx_->Decrypt(ab_c.value(), keys_.private_key);
+  auto dec2 = fhe_ctx_->Decrypt(a_bc.value(), keys_.private_key);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec1.value()[i], dec2.value()[i])
+        << "Addition not associative at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, SubtractionIdentity) {
+  // Verify a - a = 0
+  std::vector<int64_t> a = {10, 20, 30, 40};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto diff = fhe_ctx_->HomomorphicSubtract(enc_a.value(), enc_a.value());
+  ASSERT_TRUE(diff.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(diff.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec.value()[i], 0) << "Subtraction identity failed at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, SubtractionWithModularWrap) {
+  // Test subtraction that wraps around modulus
+  std::vector<int64_t> a = {1, 2, 3};
+  std::vector<int64_t> b = {10, 20, 30};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  // a - b should wrap around modulus
+  auto diff = fhe_ctx_->HomomorphicSubtract(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(diff.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(diff.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (a[i] - b[i] + RingParams::kModulus) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Modular subtraction failed at index " << i;
+  }
+}
+
+// Character projection comprehensive tests
+TEST_F(EncryptedPolynomialTest, CharacterProjectionBounds) {
+  // Test invalid character indices
+  Polynomial poly({1, 2, 3, 4});
+  auto enc_poly = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly.ok());
+  
+  // Negative index should fail
+  auto proj_neg = enc_poly.value().ProjectToCharacter(-1, *fhe_ctx_);
+  EXPECT_FALSE(proj_neg.ok()) << "Expected error for negative character index";
+  
+  // Index >= kNumCharacters should fail
+  auto proj_too_large = enc_poly.value().ProjectToCharacter(
+      RingParams::kNumCharacters, *fhe_ctx_);
+  EXPECT_FALSE(proj_too_large.ok()) << "Expected error for too large character index";
+  
+  auto proj_way_too_large = enc_poly.value().ProjectToCharacter(100, *fhe_ctx_);
+  EXPECT_FALSE(proj_way_too_large.ok()) << "Expected error for very large character index";
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionAllIndices) {
+  // Test projection onto each valid character
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc_poly = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly.ok());
+  
+  for (int j = 0; j < RingParams::kNumCharacters; ++j) {
+    auto proj = enc_poly.value().ProjectToCharacter(j, *fhe_ctx_);
+    ASSERT_TRUE(proj.ok()) << "Projection onto character " << j << " failed: " 
+                           << proj.status();
+    
+    // Verify we can decrypt the projection
+    auto dec = proj.value().Decrypt(keys_.private_key, *fhe_ctx_);
+    ASSERT_TRUE(dec.ok()) << "Decryption of character " << j << " projection failed";
+    
+    // Just verify it's a valid polynomial (coefficients in range)
+    for (size_t i = 0; i < 8; ++i) {
+      EXPECT_GE(dec.value().coefficients()[i], 0) << "Invalid coefficient at index " << i;
+      EXPECT_LT(dec.value().coefficients()[i], RingParams::kModulus) 
+          << "Coefficient out of range at index " << i;
+    }
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ProjectToAllCharacters) {
+  // Test projecting to all characters at once
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc_poly = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly.ok());
+  
+  auto all_proj = enc_poly.value().ProjectToAllCharacters(*fhe_ctx_);
+  ASSERT_TRUE(all_proj.ok()) << "ProjectToAllCharacters failed: " << all_proj.status();
+  
+  EXPECT_EQ(all_proj.value().size(), static_cast<size_t>(RingParams::kNumCharacters))
+      << "Incorrect number of character projections";
+  
+  // Verify each projection can be decrypted
+  for (size_t j = 0; j < all_proj.value().size(); ++j) {
+    auto dec = all_proj.value()[j].Decrypt(keys_.private_key, *fhe_ctx_);
+    ASSERT_TRUE(dec.ok()) << "Failed to decrypt projection " << j;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionOrthogonality) {
+  // Different characters should give different projections
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc_poly = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly.ok());
+  
+  // Get projections for first two characters
+  auto proj0 = enc_poly.value().ProjectToCharacter(0, *fhe_ctx_);
+  auto proj1 = enc_poly.value().ProjectToCharacter(1, *fhe_ctx_);
+  ASSERT_TRUE(proj0.ok() && proj1.ok());
+  
+  auto dec0 = proj0.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec1 = proj1.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec0.ok() && dec1.ok());
+  
+  // At least one coefficient should differ (orthogonality property)
+  bool found_difference = false;
+  for (size_t i = 0; i < 8; ++i) {
+    if (dec0.value().coefficients()[i] != dec1.value().coefficients()[i]) {
+      found_difference = true;
+      break;
+    }
+  }
+  EXPECT_TRUE(found_difference) 
+      << "Character projections should differ due to orthogonality";
+}
+
+// Combined operation tests (simulating real routing scenarios)
+TEST_F(EncryptedPolynomialTest, ComplexRoutingSimulation) {
+  // Simulate a routing operation: weighted sum of rotations
+  Polynomial msg({42, 100, 200, 300});
+  auto enc_msg = EncryptedPolynomial::Encrypt(msg, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_msg.ok());
+  
+  // Simulate position-dependent routing weights
+  std::vector<int64_t> weights = {1, 2, 3, 4};
+  
+  // Compute weighted sum: Σ weights[k] * Rotate(msg, k)
+  auto enc_result = enc_msg.value();
+  for (size_t k = 1; k < weights.size(); ++k) {
+    auto rotated = enc_msg.value().Rotate(k, *fhe_ctx_);
+    ASSERT_TRUE(rotated.ok());
+    
+    auto scaled = rotated.value().MultiplyScalar(weights[k], *fhe_ctx_);
+    ASSERT_TRUE(scaled.ok());
+    
+    auto sum = enc_result.Add(scaled.value(), *fhe_ctx_);
+    ASSERT_TRUE(sum.ok());
+    
+    enc_result = sum.value();
+  }
+  
+  // Verify we can decrypt the result
+  auto dec = enc_result.Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok()) << "Complex routing simulation decryption failed";
+  
+  // Verify coefficients are in valid range
+  for (size_t i = 0; i < 4; ++i) {
+    EXPECT_GE(dec.value().coefficients()[i], 0);
+    EXPECT_LT(dec.value().coefficients()[i], RingParams::kModulus);
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, NestedOperations) {
+  // Test deeply nested operations
+  std::vector<int64_t> data = {1, 2, 3, 4};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  // Perform nested operations: ((a + a) * 2) - a
+  auto sum = fhe_ctx_->HomomorphicAdd(enc.value(), enc.value());
+  ASSERT_TRUE(sum.ok());
+  
+  auto doubled = fhe_ctx_->HomomorphicMultiplyScalar(sum.value(), 2);
+  ASSERT_TRUE(doubled.ok());
+  
+  auto result = fhe_ctx_->HomomorphicSubtract(doubled.value(), enc.value());
+  ASSERT_TRUE(result.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok());
+  
+  // Expected: ((a + a) * 2) - a = (2a * 2) - a = 4a - a = 3a
+  for (size_t i = 0; i < data.size(); ++i) {
+    int64_t expected = (data[i] * 3) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Nested operation mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptedPolynomialNegate) {
+  // Test the EncryptedPolynomial::Negate method
+  Polynomial poly({5, 10, 15, 20});
+  auto enc_poly = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly.ok());
+  
+  auto negated = enc_poly.value().Negate(*fhe_ctx_);
+  ASSERT_TRUE(negated.ok()) << "Negation failed: " << negated.status();
+  
+  auto dec = negated.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec.ok());
+  
+  for (size_t i = 0; i < 4; ++i) {
+    int64_t expected = (RingParams::kModulus - poly.coefficients()[i]) % RingParams::kModulus;
+    EXPECT_EQ(dec.value().coefficients()[i], expected) 
+        << "Negation mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, HighLevelEncryptedPolynomialAPI) {
+  // Test using the EncryptedPolynomial high-level API
+  Polynomial a({1, 2, 3, 4});
+  Polynomial b({5, 6, 7, 8});
+  
+  auto enc_a = EncryptedPolynomial::Encrypt(a, keys_.public_key, *fhe_ctx_);
+  auto enc_b = EncryptedPolynomial::Encrypt(b, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  // Test Add
+  auto sum = enc_a.value().Add(enc_b.value(), *fhe_ctx_);
+  ASSERT_TRUE(sum.ok());
+  auto dec_sum = sum.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec_sum.ok());
+  
+  for (size_t i = 0; i < 4; ++i) {
+    int64_t expected = (a.coefficients()[i] + b.coefficients()[i]) % RingParams::kModulus;
+    EXPECT_EQ(dec_sum.value().coefficients()[i], expected);
+  }
+  
+  // Test Subtract
+  auto diff = enc_a.value().Subtract(enc_b.value(), *fhe_ctx_);
+  ASSERT_TRUE(diff.ok());
+  auto dec_diff = diff.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec_diff.ok());
+  
+  for (size_t i = 0; i < 4; ++i) {
+    int64_t expected = (a.coefficients()[i] - b.coefficients()[i] + RingParams::kModulus) 
+                       % RingParams::kModulus;
+    EXPECT_EQ(dec_diff.value().coefficients()[i], expected);
+  }
+  
+  // Test MultiplyScalar
+  auto scaled = enc_a.value().MultiplyScalar(3, *fhe_ctx_);
+  ASSERT_TRUE(scaled.ok());
+  auto dec_scaled = scaled.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec_scaled.ok());
+  
+  for (size_t i = 0; i < 4; ++i) {
+    int64_t expected = (a.coefficients()[i] * 3) % RingParams::kModulus;
+    EXPECT_EQ(dec_scaled.value().coefficients()[i], expected);
+  }
+  
+  // Test Rotate
+  auto rotated = enc_a.value().Rotate(1, *fhe_ctx_);
+  ASSERT_TRUE(rotated.ok());
+  auto dec_rotated = rotated.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec_rotated.ok());
+  // Just verify decryption succeeds
+  SUCCEED() << "High-level API rotation completed";
+}
+
+// Stress tests for depth-0 operations
+TEST_F(EncryptedPolynomialTest, ManySequentialAdditions) {
+  // Verify depth-0 can handle many sequential additions
+  std::vector<int64_t> base = {1, 1, 1, 1};
+  
+  auto enc = fhe_ctx_->Encrypt(base, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = enc.value();
+  const int num_additions = 20;
+  
+  for (int i = 0; i < num_additions; ++i) {
+    auto sum = fhe_ctx_->HomomorphicAdd(result, enc.value());
+    ASSERT_TRUE(sum.ok()) << "Addition failed at iteration " << i;
+    result = sum.value();
+  }
+  
+  auto dec = fhe_ctx_->Decrypt(result, keys_.private_key);
+  ASSERT_TRUE(dec.ok()) << "Decryption after " << num_additions << " additions failed";
+  
+  // Should be (num_additions + 1) * base
+  int64_t expected_multiplier = num_additions + 1;
+  for (size_t i = 0; i < base.size(); ++i) {
+    int64_t expected = (base[i] * expected_multiplier) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Many additions mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, MixedOperationsStress) {
+  // Mix different operations in sequence
+  std::vector<int64_t> data = {10, 20, 30};
+  
+  auto enc = fhe_ctx_->Encrypt(data, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  // Perform: ((a + a) * 2 - a) + (a * 3)
+  auto sum1 = fhe_ctx_->HomomorphicAdd(enc.value(), enc.value());
+  ASSERT_TRUE(sum1.ok());
+  
+  auto mul1 = fhe_ctx_->HomomorphicMultiplyScalar(sum1.value(), 2);
+  ASSERT_TRUE(mul1.ok());
+  
+  auto sub1 = fhe_ctx_->HomomorphicSubtract(mul1.value(), enc.value());
+  ASSERT_TRUE(sub1.ok());
+  
+  auto mul2 = fhe_ctx_->HomomorphicMultiplyScalar(enc.value(), 3);
+  ASSERT_TRUE(mul2.ok());
+  
+  auto final_result = fhe_ctx_->HomomorphicAdd(sub1.value(), mul2.value());
+  ASSERT_TRUE(final_result.ok());
+  
+  auto dec = fhe_ctx_->Decrypt(final_result.value(), keys_.private_key);
+  ASSERT_TRUE(dec.ok()) << "Mixed operations stress test decryption failed";
+  
+  // Expected: ((2a * 2) - a) + 3a = (4a - a) + 3a = 3a + 3a = 6a
+  for (size_t i = 0; i < data.size(); ++i) {
+    int64_t expected = (data[i] * 6) % RingParams::kModulus;
+    EXPECT_EQ(dec.value()[i], expected) << "Mixed operations mismatch at index " << i;
+  }
+}
+
+// Error handling tests
+TEST_F(EncryptedPolynomialTest, EncryptionWithOversizedInput) {
+  // Test encryption with more coefficients than ring degree
+  std::vector<int64_t> too_large(RingParams::kDegree + 10, 1);
+  
+  auto enc = fhe_ctx_->Encrypt(too_large, keys_.public_key);
+  EXPECT_FALSE(enc.ok()) << "Expected error for oversized input";
+}
+
+TEST_F(EncryptedPolynomialTest, DebugStringNoCrash) {
+  // Verify DebugString doesn't crash or decrypt
+  Polynomial poly({1, 2, 3});
+  auto enc = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc.ok());
+  
+  std::string debug = enc.value().DebugString();
+  EXPECT_FALSE(debug.empty()) << "DebugString should return non-empty string";
+  EXPECT_NE(debug.find("EncryptedPolynomial"), std::string::npos)
+      << "DebugString should contain class name";
+  
+  // Verify it doesn't contain plaintext data (should only show pointer)
+  EXPECT_EQ(debug.find("1"), std::string::npos) 
+      << "DebugString should not leak plaintext data";
+}
+
 }  // namespace
 }  // namespace f2chat

[coderabbitai]

Here are the copyable unit test edits:

Copyable Edits

test/crypto/encrypted_polynomial_test.cc

@@ -222,5 +222,563 @@
   }
 }
 
+
+// ============================================================================
+// COMPREHENSIVE EDGE CASE AND ERROR HANDLING TESTS
+// ============================================================================
+
+TEST_F(EncryptedPolynomialTest, NegativeScalarMultiplication) {
+  // Test scalar multiplication with negative values
+  std::vector<int64_t> a = {10, 20, 30, 40};
+  int64_t negative_scalar = -3;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), negative_scalar);
+  ASSERT_TRUE(enc_product.ok()) << "Negative scalar multiplication failed";
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify: negative scalar * a (with modular arithmetic)
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (a[i] * negative_scalar) % RingParams::kModulus;
+    // Handle negative modulo
+    if (expected < 0) expected += RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) 
+        << "Negative scalar multiplication mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ZeroScalarMultiplication) {
+  // Test multiplication by zero
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  int64_t zero_scalar = 0;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), zero_scalar);
+  ASSERT_TRUE(enc_product.ok()) << "Zero scalar multiplication failed";
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // All coefficients should be zero
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], 0) 
+        << "Zero scalar multiplication should produce zero at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, IdentityScalarMultiplication) {
+  // Test multiplication by 1 (identity)
+  std::vector<int64_t> a = {42, 100, 255, 1000};
+  int64_t identity_scalar = 1;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), identity_scalar);
+  ASSERT_TRUE(enc_product.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should be unchanged
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], a[i]) 
+        << "Identity scalar multiplication changed value at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, LargeScalarMultiplication) {
+  // Test with large scalar values
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  int64_t large_scalar = 1000;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_product = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), large_scalar);
+  ASSERT_TRUE(enc_product.ok()) << "Large scalar multiplication failed";
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_product.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (a[i] * large_scalar) % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected) 
+        << "Large scalar multiplication mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, NegativeRotation) {
+  // Test rotation with negative positions (rotate backwards)
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  int negative_positions = -2;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), negative_positions);
+  ASSERT_TRUE(enc_rotated.ok()) << "Negative rotation failed";
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Negative rotation shifts left (backwards)
+  // Position 0 gets value from position (0 - 2) = -2 (wraps around)
+  // Verify first few positions
+  EXPECT_TRUE(decrypted.value().size() >= a.size());
+}
+
+TEST_F(EncryptedPolynomialTest, ZeroRotation) {
+  // Test rotation by zero positions (should be identity)
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  int zero_positions = 0;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), zero_positions);
+  ASSERT_TRUE(enc_rotated.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Should be unchanged
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(decrypted.value()[i], a[i]) 
+        << "Zero rotation changed value at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, LargeRotation) {
+  // Test rotation by more than degree positions (should wrap)
+  std::vector<int64_t> a = {1, 2, 3, 4, 5, 6, 7, 8};
+  int large_positions = RingParams::kDegree + 3;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  auto enc_rotated = fhe_ctx_->HomomorphicRotate(enc_a.value(), large_positions);
+  ASSERT_TRUE(enc_rotated.ok()) << "Large rotation failed";
+  
+  auto decrypted = fhe_ctx_->Decrypt(enc_rotated.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Rotation should wrap around
+  SUCCEED() << "Large rotation completed successfully";
+}
+
+TEST_F(EncryptedPolynomialTest, HomomorphicNegation) {
+  // Test negation: Enc(-a) should decrypt to -a
+  std::vector<int64_t> a = {10, 20, 30, 40};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok());
+  
+  // Create EncryptedPolynomial wrapper
+  Polynomial poly(a);
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  auto negated_or = enc_poly_or.value().Negate(*fhe_ctx_);
+  ASSERT_TRUE(negated_or.ok()) << "Negation failed: " << negated_or.status();
+  
+  auto decrypted = negated_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify negation
+  for (size_t i = 0; i < a.size(); ++i) {
+    int64_t expected = (-a[i]) % RingParams::kModulus;
+    if (expected < 0) expected += RingParams::kModulus;
+    EXPECT_EQ(decrypted.value().coefficients()[i], expected) 
+        << "Negation mismatch at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, SubtractionViaAddNegation) {
+  // Verify that a - b == a + (-b)
+  std::vector<int64_t> a = {100, 200, 300, 400};
+  std::vector<int64_t> b = {10, 20, 30, 40};
+  
+  Polynomial poly_a(a);
+  Polynomial poly_b(b);
+  
+  auto enc_a = EncryptedPolynomial::Encrypt(poly_a, keys_.public_key, *fhe_ctx_);
+  auto enc_b = EncryptedPolynomial::Encrypt(poly_b, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  // Method 1: Direct subtraction
+  auto diff1_or = enc_a.value().Subtract(enc_b.value(), *fhe_ctx_);
+  ASSERT_TRUE(diff1_or.ok());
+  
+  // Method 2: Add negation
+  auto neg_b_or = enc_b.value().Negate(*fhe_ctx_);
+  ASSERT_TRUE(neg_b_or.ok());
+  auto diff2_or = enc_a.value().Add(neg_b_or.value(), *fhe_ctx_);
+  ASSERT_TRUE(diff2_or.ok());
+  
+  // Both methods should give same result
+  auto dec1 = diff1_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec2 = diff2_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec1.value().coefficients()[i], dec2.value().coefficients()[i])
+        << "Subtraction methods disagree at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionAllCharacters) {
+  // Test projecting onto all characters
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  // Project onto all characters
+  auto projections_or = enc_poly_or.value().ProjectToAllCharacters(*fhe_ctx_);
+  ASSERT_TRUE(projections_or.ok()) << "ProjectToAllCharacters failed: " 
+                                    << projections_or.status();
+  
+  const auto& projections = projections_or.value();
+  EXPECT_EQ(projections.size(), static_cast<size_t>(RingParams::kNumCharacters))
+      << "Should return one projection per character";
+  
+  // Verify each projection can be decrypted
+  for (int i = 0; i < RingParams::kNumCharacters; ++i) {
+    auto decrypted = projections[i].Decrypt(keys_.private_key, *fhe_ctx_);
+    ASSERT_TRUE(decrypted.ok()) << "Failed to decrypt projection " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionBoundaryCharacters) {
+  // Test character projection at boundary indices
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  // Test first character (index 0)
+  auto proj0_or = enc_poly_or.value().ProjectToCharacter(0, *fhe_ctx_);
+  ASSERT_TRUE(proj0_or.ok()) << "Character 0 projection failed";
+  
+  // Test last valid character
+  int last_char = RingParams::kNumCharacters - 1;
+  auto proj_last_or = enc_poly_or.value().ProjectToCharacter(last_char, *fhe_ctx_);
+  ASSERT_TRUE(proj_last_or.ok()) << "Last character projection failed";
+  
+  // Both should decrypt successfully
+  auto dec0 = proj0_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec_last = proj_last_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec0.ok() && dec_last.ok());
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionInvalidIndex) {
+  // Test error handling for invalid character indices
+  Polynomial poly({1, 2, 3, 4});
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  // Test negative index
+  auto proj_neg = enc_poly_or.value().ProjectToCharacter(-1, *fhe_ctx_);
+  EXPECT_FALSE(proj_neg.ok());
+  EXPECT_EQ(proj_neg.status().code(), absl::StatusCode::kInvalidArgument);
+  
+  // Test index too large
+  auto proj_large = enc_poly_or.value().ProjectToCharacter(
+      RingParams::kNumCharacters, *fhe_ctx_);
+  EXPECT_FALSE(proj_large.ok());
+  EXPECT_EQ(proj_large.status().code(), absl::StatusCode::kInvalidArgument);
+  
+  // Test way out of bounds
+  auto proj_huge = enc_poly_or.value().ProjectToCharacter(999, *fhe_ctx_);
+  EXPECT_FALSE(proj_huge.ok());
+  EXPECT_EQ(proj_huge.status().code(), absl::StatusCode::kInvalidArgument);
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptEmptyPolynomial) {
+  // Test encrypting polynomial with no coefficients
+  Polynomial empty_poly(std::vector<int64_t>{});
+  
+  auto enc_or = EncryptedPolynomial::Encrypt(empty_poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_or.ok()) << "Empty polynomial encryption failed";
+  
+  auto decrypted = enc_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(decrypted.ok());
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptSingleCoefficient) {
+  // Test encrypting polynomial with single coefficient
+  Polynomial single_poly({42});
+  
+  auto enc_or = EncryptedPolynomial::Encrypt(single_poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_or.ok());
+  
+  auto decrypted = enc_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(decrypted.ok());
+  EXPECT_EQ(decrypted.value().coefficients()[0], 42);
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptMaxDegreePolynomial) {
+  // Test encrypting polynomial with maximum degree
+  std::vector<int64_t> coeffs(RingParams::kDegree);
+  for (int i = 0; i < RingParams::kDegree; ++i) {
+    coeffs[i] = i + 1;
+  }
+  Polynomial max_poly(coeffs);
+  
+  auto enc_or = EncryptedPolynomial::Encrypt(max_poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_or.ok()) << "Max degree polynomial encryption failed";
+  
+  auto decrypted = enc_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify first few coefficients
+  for (int i = 0; i < std::min(8, RingParams::kDegree); ++i) {
+    EXPECT_EQ(decrypted.value().coefficients()[i], i + 1);
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ModularArithmeticOverflow) {
+  // Test that operations handle modular overflow correctly
+  std::vector<int64_t> large_vals = {
+    RingParams::kModulus - 1,
+    RingParams::kModulus - 2,
+    RingParams::kModulus - 3,
+    RingParams::kModulus - 4
+  };
+  
+  auto enc = fhe_ctx_->Encrypt(large_vals, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  // Add 10 to trigger overflow
+  auto ten_enc = fhe_ctx_->Encrypt({10, 10, 10, 10}, keys_.public_key);
+  ASSERT_TRUE(ten_enc.ok());
+  
+  auto sum = fhe_ctx_->HomomorphicAdd(enc.value(), ten_enc.value());
+  ASSERT_TRUE(sum.ok());
+  
+  auto decrypted = fhe_ctx_->Decrypt(sum.value(), keys_.private_key);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify modular reduction
+  for (size_t i = 0; i < large_vals.size(); ++i) {
+    int64_t expected = (large_vals[i] + 10) % RingParams::kModulus;
+    EXPECT_EQ(decrypted.value()[i], expected)
+        << "Modular overflow not handled correctly at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, ChainedOperationsStressTest) {
+  // Stress test: chain many operations to verify depth-0 stability
+  std::vector<int64_t> initial = {1, 2, 3, 4};
+  
+  auto enc = fhe_ctx_->Encrypt(initial, keys_.public_key);
+  ASSERT_TRUE(enc.ok());
+  
+  auto result = enc.value();
+  
+  // Chain 20 operations of various types
+  for (int i = 0; i < 10; ++i) {
+    // Add
+    auto added = fhe_ctx_->HomomorphicAdd(result, enc.value());
+    ASSERT_TRUE(added.ok()) << "Add failed at iteration " << i;
+    result = added.value();
+    
+    // Rotate
+    auto rotated = fhe_ctx_->HomomorphicRotate(result, 1);
+    ASSERT_TRUE(rotated.ok()) << "Rotate failed at iteration " << i;
+    result = rotated.value();
+  }
+  
+  // Should still decrypt successfully
+  auto decrypted = fhe_ctx_->Decrypt(result, keys_.private_key);
+  ASSERT_TRUE(decrypted.ok()) << "Decryption failed after chained operations";
+}
+
+TEST_F(EncryptedPolynomialTest, CommutativityOfAddition) {
+  // Verify Enc(a) + Enc(b) == Enc(b) + Enc(a)
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  std::vector<int64_t> b = {10, 20, 30, 40};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  // a + b
+  auto sum1 = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(sum1.ok());
+  
+  // b + a
+  auto sum2 = fhe_ctx_->HomomorphicAdd(enc_b.value(), enc_a.value());
+  ASSERT_TRUE(sum2.ok());
+  
+  auto dec1 = fhe_ctx_->Decrypt(sum1.value(), keys_.private_key);
+  auto dec2 = fhe_ctx_->Decrypt(sum2.value(), keys_.private_key);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Should be equal
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec1.value()[i], dec2.value()[i])
+        << "Addition is not commutative at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, AssociativityOfAddition) {
+  // Verify (Enc(a) + Enc(b)) + Enc(c) == Enc(a) + (Enc(b) + Enc(c))
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  std::vector<int64_t> b = {10, 20, 30, 40};
+  std::vector<int64_t> c = {100, 200, 300, 400};
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  auto enc_c = fhe_ctx_->Encrypt(c, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok() && enc_c.ok());
+  
+  // (a + b) + c
+  auto ab = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(ab.ok());
+  auto abc1 = fhe_ctx_->HomomorphicAdd(ab.value(), enc_c.value());
+  ASSERT_TRUE(abc1.ok());
+  
+  // a + (b + c)
+  auto bc = fhe_ctx_->HomomorphicAdd(enc_b.value(), enc_c.value());
+  ASSERT_TRUE(bc.ok());
+  auto abc2 = fhe_ctx_->HomomorphicAdd(enc_a.value(), bc.value());
+  ASSERT_TRUE(abc2.ok());
+  
+  auto dec1 = fhe_ctx_->Decrypt(abc1.value(), keys_.private_key);
+  auto dec2 = fhe_ctx_->Decrypt(abc2.value(), keys_.private_key);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Should be equal
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec1.value()[i], dec2.value()[i])
+        << "Addition is not associative at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, DistributivityOfScalarMultiplication) {
+  // Verify k * (Enc(a) + Enc(b)) == k*Enc(a) + k*Enc(b)
+  std::vector<int64_t> a = {1, 2, 3, 4};
+  std::vector<int64_t> b = {10, 20, 30, 40};
+  int64_t k = 5;
+  
+  auto enc_a = fhe_ctx_->Encrypt(a, keys_.public_key);
+  auto enc_b = fhe_ctx_->Encrypt(b, keys_.public_key);
+  ASSERT_TRUE(enc_a.ok() && enc_b.ok());
+  
+  // k * (a + b)
+  auto sum = fhe_ctx_->HomomorphicAdd(enc_a.value(), enc_b.value());
+  ASSERT_TRUE(sum.ok());
+  auto k_sum = fhe_ctx_->HomomorphicMultiplyScalar(sum.value(), k);
+  ASSERT_TRUE(k_sum.ok());
+  
+  // k*a + k*b
+  auto ka = fhe_ctx_->HomomorphicMultiplyScalar(enc_a.value(), k);
+  auto kb = fhe_ctx_->HomomorphicMultiplyScalar(enc_b.value(), k);
+  ASSERT_TRUE(ka.ok() && kb.ok());
+  auto ka_kb = fhe_ctx_->HomomorphicAdd(ka.value(), kb.value());
+  ASSERT_TRUE(ka_kb.ok());
+  
+  auto dec1 = fhe_ctx_->Decrypt(k_sum.value(), keys_.private_key);
+  auto dec2 = fhe_ctx_->Decrypt(ka_kb.value(), keys_.private_key);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Should be equal
+  for (size_t i = 0; i < a.size(); ++i) {
+    EXPECT_EQ(dec1.value()[i], dec2.value()[i])
+        << "Distributivity fails at index " << i;
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, DebugStringFormat) {
+  // Test DebugString doesn't crash and has expected format
+  Polynomial poly({1, 2, 3, 4});
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  std::string debug_str = enc_poly_or.value().DebugString();
+  
+  // Should contain "EncryptedPolynomial" and not crash
+  EXPECT_TRUE(debug_str.find("EncryptedPolynomial") != std::string::npos)
+      << "DebugString should contain class name";
+  EXPECT_FALSE(debug_str.empty())
+      << "DebugString should not be empty";
+  
+  // Should NOT contain decrypted values (security check)
+  EXPECT_TRUE(debug_str.find("1") == std::string::npos ||
+              debug_str.find("ciphertext") != std::string::npos)
+      << "DebugString should not leak plaintext values";
+}
+
+TEST_F(EncryptedPolynomialTest, MultipleEncryptionsProduceDifferentCiphertexts) {
+  // Verify that encrypting same plaintext twice gives different ciphertexts
+  // (due to randomness in encryption)
+  Polynomial poly({1, 2, 3, 4});
+  
+  auto enc1_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  auto enc2_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc1_or.ok() && enc2_or.ok());
+  
+  // Ciphertexts should be different objects (randomized encryption)
+  // We can't directly compare ciphertext values, but we can verify both decrypt correctly
+  auto dec1 = enc1_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec2 = enc2_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Both should decrypt to same plaintext
+  for (size_t i = 0; i < 4; ++i) {
+    EXPECT_EQ(dec1.value().coefficients()[i], dec2.value().coefficients()[i]);
+  }
+}
+
+TEST_F(EncryptedPolynomialTest, EncryptionWithZeroCoefficients) {
+  // Test encrypting polynomial with some zero coefficients
+  std::vector<int64_t> coeffs = {0, 1, 0, 2, 0, 3, 0, 0};
+  Polynomial poly(coeffs);
+  
+  auto enc_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_or.ok());
+  
+  auto decrypted = enc_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(decrypted.ok());
+  
+  // Verify zeros are preserved
+  EXPECT_EQ(decrypted.value().coefficients()[0], 0);
+  EXPECT_EQ(decrypted.value().coefficients()[2], 0);
+  EXPECT_EQ(decrypted.value().coefficients()[4], 0);
+}
+
+TEST_F(EncryptedPolynomialTest, CharacterProjectionIdempotence) {
+  // Test that projecting twice onto same character gives consistent results
+  Polynomial poly({1, 2, 3, 4, 5, 6, 7, 8});
+  
+  auto enc_poly_or = EncryptedPolynomial::Encrypt(poly, keys_.public_key, *fhe_ctx_);
+  ASSERT_TRUE(enc_poly_or.ok());
+  
+  // First projection
+  auto proj1_or = enc_poly_or.value().ProjectToCharacter(1, *fhe_ctx_);
+  ASSERT_TRUE(proj1_or.ok());
+  
+  // Project the projection again
+  auto proj2_or = proj1_or.value().ProjectToCharacter(1, *fhe_ctx_);
+  ASSERT_TRUE(proj2_or.ok());
+  
+  // Decrypt both
+  auto dec1 = proj1_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  auto dec2 = proj2_or.value().Decrypt(keys_.private_key, *fhe_ctx_);
+  ASSERT_TRUE(dec1.ok() && dec2.ok());
+  
+  // Results should be related (projecting projection may differ mathematically)
+  // Just verify both operations succeed
+  SUCCEED() << "Double projection completed successfully";
+}
+
+
 }  // namespace
 }  // namespace f2chat