search

homenc / HElib

HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations for efficient homomorphic evaluation, focusing on effective use of ciphertext packing techniques and on the Gentry-Halevi-Smart optimizations.
https://homenc.github.io/HElib
Other
3.14k stars 765 forks source link

How to choose the value of m ? #126

Open xiaolixiaoyi opened 7 years ago

xiaolixiaoyi commented 7 years ago

I'm trying HElib, but when I do tests, something confuses me. In Test_Timing.cpp, there are multiple values for m (4051, 4369, 4859...). What value of m is proper for real-world applications? Do different values of m mean different level of security?

Thank you!

shaih commented 7 years ago

The value of m does influence the security level, but the relation is not so obvious. At a high level, for a fixed value of L (depth of the circuit to be computed), security level increases linearly with phi(m) (which is somewhat similar to m). You can call context.securityLevel() to get an estimate for the level of security that you get for a given setting of the parameters.

What m is needed depends on how deep are the circuits that you want to compute (and also on other parameters, but to a lesser extent). m~4000 is only good for very shallow circuits (maybe depth<=4 or so). Very roughly speaking, the order of magnitude is m~1000*depth.

The different m's also have other (algebraic) properties that may be useful for specific applications, related to the techniques of packing many plaintext elements in a single ciphertext. You can read more about it in the design document.

xiaolixiaoyi commented 7 years ago

Thank you very much!