How can i achieve 80-bit classic security in CKKS

oksuman · December 22, 2023, 8:21am

Hello.

I would like to set the parameters (multiplicative depth, ring dimension, etc.) for achieving 80-bit security in CKKS. For security levels of 128, 192, and 256 bits, I was able to use the SecurityLevel parameter in the OpenFHE library or reference standard.

However, when aiming for 80-bit security, I am unsure how to verify whether my parameter set meets the required security level. For instance, if I set the multiplicative depth to 30 and the ring dimension to 65536, is this appropriate for 80-bit security? I need assistance in choosing the right parameters.

Thank you for reading.

ypolyakov · December 22, 2023, 10:16pm

You can set the security level in OpenFHE to HEStd_NotSet and set the ring dimension yourself. Note that in this case you should find parameters yourself (outside OpenFHE). The standard tool to estimate the work factor for given parameters is the lattice estimator.

Topic		Replies	Views
OpenFHE CKKS chooses modulus chain that doesn't guarantee 128 bits of security Library Questions	6	488	March 13, 2023
Setting security parameters according to 128 bit security (very small CKKS scaling factor) Library Questions	10	596	March 27, 2023
Bug in security level? Library Questions bugs	1	135	October 13, 2023
Possible suggestion regarding security level feedback Library Questions feature-requests	1	82	November 17, 2023
Why do my parameters not comply with 128 bit security? FHE Questions	1	258	March 27, 2023

How can i achieve 80-bit classic security in CKKS

Related Topics