What happens if the security-level < 0？

[Ldisi]

Hi!I am new to the new version. In helb_example.cpp m=32109, it runs slowly. So I change m to 4, it seem that pragrams runs much faster than before but security-level < 0. What happens if the security-level < 0？Does this mean the scheme is unsafe？

[boev]

Yes. I think (not completely certain) m = 4 leaves us with very small polynomial ring and one could try different bruteforce approaches. Guessing the added error (including position where its added), would allow you to round and decrypt even without the secret key. And there are different ways to check if your decrypted result is correct. This work has helped me visualize RLWE encryption/decryption: https://blog.n1analytics.com/homomorphic-encryption-illustrated-primer/

[Ldisi]

THX！

------------------ Original ------------------ From: Yordan Boev notifications@github.com Date: Thu,Jul 4,2019 5:42 PM To: homenc/HElib HElib@noreply.github.com Cc: Ldisi 1725983010@qq.com, Author author@noreply.github.com Subject: Re: [homenc/HElib] What happens if the security-level < 0？ (#308)

Yes. I think m = 4 leaves us with very small polynomial ring and one could try different bruteforce approaches. Guessing the added error (including position where its added), would allow you to round and decrypt even without the secret key. And there are different ways to check if your decrypted result is correct. This work has helped me visualize RLWE encryption/decryption: https://blog.n1analytics.com/homomorphic-encryption-illustrated-primer/

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[shaih]

any security-level value less than 64 (including negative values) basically mean no security at all, there are easy attacks that will recover the secret decryption key from the public key. To get real security you need the security level to be above 100