Open bencrts opened 1 year ago
Something seems off about your example? But wouldn't this also be solved by documenting "pick the lowest of these"? I'm mostly concerned that if we make it "too easy" then people might use it without understanding what they're doing? But maybe that fear is overblown?
Good spot, copy/paste error -- fixed it. Another option could be to have an est.simple()
method which removes all the attack parameters and returns only rop
values for each attack, e.g:
bkw :: rop: ≈2^153.1
usvp :: rop: ≈2^124.5
bdd :: rop: ≈2^131.0
bdd_hybrid :: rop: ≈2^185.3
bdd_mitm_hybrid :: rop: ≈2^265.5
dual :: rop: ≈2^128.7
dual_hybrid :: rop: ≈2^119.8
which might also address your concern. I don't feel particularly strongly about this, I just mentioned at the FHE.org event that I would open an issue and completely forgot to do it until now.
Do we think this would make much of a difference since we already list rop
first? I honestly don't know! Maybe other people would like to chime in on this discussion? So perhaps we leave this ticket open and when the issue comes up again, you direct people to voice their preferences here?
Works for me!
Hi,
A simplified output is good. Focusing is important, giving the new users the first glimpse of the hardness. At first, when looking at the output, I was totally confused, trying to figuring out the meanings of each output param. it's like INFO, DEBUG mode output switch. So INFO should be the default option.
BR
Good spot, copy/paste error -- fixed it. Another option could be to have an
est.simple()
method which removes all the attack parameters and returns onlyrop
values for each attack, e.g:bkw :: rop: ≈2^153.1 usvp :: rop: ≈2^124.5 bdd :: rop: ≈2^131.0 bdd_hybrid :: rop: ≈2^185.3 bdd_mitm_hybrid :: rop: ≈2^265.5 dual :: rop: ≈2^128.7 dual_hybrid :: rop: ≈2^119.8
which might also address your concern. I don't feel particularly strongly about this, I just mentioned at the FHE.org event that I would open an issue and completely forgot to do it until now.
And a first title line would look even better.
ALGORITHM NAME :: rop: (-bits security) bkw :: rop: ≈2^153.1 usvp :: rop: ≈2^124.5 bdd :: rop: ≈2^131.0 bdd_hybrid :: rop: ≈2^185.3 bdd_mitm_hybrid :: rop: ≈2^265.5 dual :: rop: ≈2^128.7 dual_hybrid :: rop: ≈2^119.8
This was mentioned by Nigel at the first FHE.org conference: it might be nice to have a way to switch on a simplified output which just gives you a security level. Perhaps we could add something like:
This would be used like:
to let users turn their cost strings into a security level value.