Hello everyone.

I have a generic FHE question on security bits.

What does it mean when we want the parameter \gamma=128 bits?

What does \gamma represent in practice? The length of the secret key?

Hello everyone.

I have a generic FHE question on security bits.

What does it mean when we want the parameter \gamma=128 bits?

What does \gamma represent in practice? The length of the secret key?

\lambda is the security level measured in bits which denotes the log_2{} number of elementary operations the adversary needs to do to break the system by the most efficient known lattice attack with probability 1. For \lambda = 128, the adversary would need 2^{128} elementary operations to break the cryptosystem with probability 1.

Note that in OpenFHE, the secret key length is not equal to \lambda, it is actually larger than that and it depends on multiple factors.

More on this can be found here.

Thank you, now it is clearer. One last question: in order to obtain the value of \gamma for a given crypto context how should we do it? log2 of the modulus q ?

That depends on the scheme parameters and the attack used to break it.

There are open-source tools that can compute \lambda for you. Check this.

Theoretical details can be found in the referenced paper above.

1 Like

By using a CKKSRNS with ring dim of 2^16 and sparse packing (2^14), is my LWE instance correct like this:

`LWEParameters(n=16384, q=65536, Xs=D(σ=3.19), Xe=D(σ=3.19))`

?

I suggest asking this question at GitHub - malb/lattice-estimator: An attempt at a new LWE estimator, as it is specific the `lattice estimator`

tool.