chore(docs): add example estimator call to docs #2690
Conversation
|
If you're new to commit signing, there are different ways to set it up: Sign commits with
|
|
rebased as requested @nsarlin-zama :) |
| ## Security | ||
|
|
||
| By default, the cryptographic parameters provided by **TFHE-rs** ensure at least 128 bits of security. The security has been evaluated using the latest versions of the Lattice Estimator ([repository](https://github.com/malb/lattice-estimator)) with `red_cost_model = reduction.RC.BDGL16`. | ||
| By default, the cryptographic parameters provided by **TFHE-rs** ensure at least 128 bits of security. The security has been evaluated using the latest version of the Lattice Estimator ([repository](https://github.com/malb/lattice-estimator)) with `red_cost_model = reduction.MATZOV` which is currently the default cost model. To estimate the security of a TFHE-rs parameter set such as `V1_1_PARAM_MESSAGE_1_CARRY_1_KS_PBS_TUNIFORM_2M128`, the Lattice Estimator can be called in the following way: |
There was a problem hiding this comment.
let's give the commit for the "latest" lattice estimator, since we fix it
|
|
||
| ``` | ||
| from estimator import * | ||
| params_lwe = LWE.Parameters(n=879, q=2**64, Xs=ND.Binary, Xe=ND.TUniform(46)) |
There was a problem hiding this comment.
that's interesting I think we were computing the conversion by hand to a gaussian, should we change that for our security checks ?
There was a problem hiding this comment.
Answer : yes would be nice to update
| LWE.estimate(params_lwe, deny_list=("arora-gb", "bkw")) | ||
| ``` | ||
|
|
||
| The output corresponds to a selection of attack costs (`usvp`, `bdd`, etc), each with running time `rop`. The security level is the `log2` of the smallest `rop` value (in this case `dual_hybrid` with `2^134.8`). Therefore, the security level of this parameter set is ~134 bits. The same technique can be applied to the GLWE parameters by replacing the LWE dimension `879` by `k*N = 512*4`, i.e. `n=2048` and `Xe=ND.TUniform(46)` by `Xe = ND.TUniform(17)`. |
There was a problem hiding this comment.
replicating the relevant values for a given parameter set could be welcome since this seems a bit in a "vacuum" without the parameter replicated here
|
this will need to be re-pushed without closing the PR, looks like the actions job tracking is having a hard time |
bencrts
force-pushed
the
bc/docs
branch
2 times, most recently
from
4cd9493 to
4d74b68
Compare
|
|
||
| ``` | ||
| from estimator import * | ||
| params_lwe = LWE.Parameters(n=879, q=2**64, Xs=ND.Binary, Xe=ND.TUniform(46)) |
There was a problem hiding this comment.
Answer : yes would be nice to update
IceTDrinker
left a comment
IceTDrinker
left a comment
There was a problem hiding this comment.
actions run for the updated lattice estimator : https://github.com/zama-ai/tfhe-rs/actions/runs/19039244085 let's wait for this to be green to merge, otherwise looks good thanks !
@IceTDrinker reviewed 1 of 1 files at r2.
Reviewable status: 1 of 2 files reviewed, 1 unresolved discussion (waiting on @bencrts and @soonum)
4 participants
closes: please link all relevant issues
PR content/description
Check-list:
This change is