snucrypto / HEAAN

Other
359 stars 94 forks source link

How to compute security level when setting bigger ciphertext modulus? #51

Closed WeiBenqiang closed 3 years ago

WeiBenqiang commented 3 years ago

long logq = 300; ///< Ciphertext modulus (this value s**hould be <=** logQ in "scr/Params.h") But in scr/Params.h", static const long logQ = 800; // 128-bit security Therefore, my question is when I need a bigger ciphertext modulus,i.e. 2000, how to compute security level or set other parameters given security level? THX!

imtiyazuddin commented 3 years ago

I have the same doubt, please !!! If we see sagemathcell implementation of tester for checking security levels for given paramters, as we increase logq for same n value, it says security level also increases. is this true?? If so why not just set n to 1024 and increase only logq to meet different application requirements.

bencrts commented 3 years ago

long logq = 300; ///< Ciphertext modulus (this value s**hould be <=** logQ in "scr/Params.h") But in scr/Params.h", static const long logQ = 800; // 128-bit security Therefore, my question is when I need a bigger ciphertext modulus,i.e. 2000, how to compute security level or set other parameters given security level? THX!

You could use the LWE Estimator to compute the security levels. There are some usage examples on the repository -- note that for sparse secrets you will need to pass secret_distribution = ((-1,1),h), where h is the Hamming weight of the secret you are using.

I have the same doubt, please !!! If we see sagemathcell implementation of tester for checking security levels for given paramters, as we increase logq for same n value, it says security level also increases. is this true?? If so why not just set n to 1024 and increase only logq to meet different application requirements.

Generally, for a fixed value of (n, sigma, secret_distribution), increasing q will lower the security level. This behaviour can be seen in the HE Security Standard (see e.g. Table 1 on page 26/27).

swanhong commented 3 years ago

In addition to @bencrts's answer, you can find the concrete parameters in 2021/039 that considering the most recent LWE attacks for the ternary sparse secrets.

imtiyazuddin commented 3 years ago

what is the value of alpha in HEAAN library??