Open xiaolixiaoyi opened 7 years ago
The value of m does influence the security level, but the relation is not so obvious. At a high level, for a fixed value of L (depth of the circuit to be computed), security level increases linearly with phi(m) (which is somewhat similar to m). You can call context.securityLevel() to get an estimate for the level of security that you get for a given setting of the parameters.
What m is needed depends on how deep are the circuits that you want to compute (and also on other parameters, but to a lesser extent). m~4000 is only good for very shallow circuits (maybe depth<=4 or so). Very roughly speaking, the order of magnitude is m~1000*depth.
The different m's also have other (algebraic) properties that may be useful for specific applications, related to the techniques of packing many plaintext elements in a single ciphertext. You can read more about it in the design document.
Thank you very much!
I'm trying HElib, but when I do tests, something confuses me. In Test_Timing.cpp, there are multiple values for m (4051, 4369, 4859...). What value of m is proper for real-world applications? Do different values of m mean different level of security?
Thank you!