As a beginner, I am confused when determin security level \lambda.
Although the manual demonstrates that \lambda is determined by ring dimension N, modulu q, and error, I have no idea how they work.
Is there a function showing how to calculate the security level \lambda by these parameters?
A good source is the homomorphic encryption standard at http://homomorphicencryption.org/wp-content/uploads/2018/11/HomomorphicEncryptionStandardv1.1.pdf In practice, pre-built tables are often used, e.g., OpenFHE uses Table 1. The table there is generated for \sigma=3.19.
If you need custom parameters, i.e., a higher \sigma or a security level different from 128, 192, and 256 bits, then you can use the lattice estimator at GitHub - malb/lattice-estimator: An attempt at a new LWE estimator
There is no simple analytical expression (the only certain fact is that q/\sigma is one parameter), as shown in On the Feasibility and Impact of Standardising Sparse-secret LWE Parameter Sets for Homomorphic Encryption. I also recommend reading the latter paper for more details.
Thanks a lot!
I roughly comprehend the relationship among parameters.
Thank your for your help!