Security curves
To select secure cryptographic parameters for usage in Concrete, we utilize the Lattice-Estimator. In particular, we use the following workflow:
Data Acquisition
Model Verification.
These models are then used as input for Concrete, to ensure that the parameter space explored by the compiler attains the required security level. Note that we consider the RC.BDGL16
lattice reduction cost model within the Lattice Estimator. Therefore, when computing our security estimates, we use the call LWE.estimate(params, red_cost_model = RC.BDGL16)
on the input parameter set params
.
Usage
To generate the raw data from the lattice estimator, use::
To compare the current curves with the output of the lattice estimator, use:
this will compare the four curves generated above against the output of the version of the lattice estimator found in the third_party folder.
To generate the associated cpp and rust code, use::
further advanced options can be found inside the Makefile.
Example
To look at the raw data gathered in step 1., we can look in the sage-object folder. These objects can be loaded in the following way using SageMath:
To view the interpolated curves we load the verified_curves.sobj
object inside the sage-object folder.
This object is a tuple containing the information required for the four security curves ({80, 112, 128, 192} bits of security). Looking at one of the entries:
Last updated