As I understand, in OpenFHE, the plaintext modulus is restricted to values p such that p \equiv 1 \mod N (for packed encoding). Since the ring dimension N is restricted by the desired security level, choosing low values for p with certain security needs is not possible. I noticed, however, that this restriction does not apply to other homomorphic encryption libraries, such as HElib.

I was wondering whether you could explain the reasoning behind that restriction to me. To my understanding, recent approaches like Faster homomorphic comparison operations for BGV and BFV require a small plaintext modulus to function efficiently.

This is a requirement for the PACKED_ENCODING in BFV/BGV to enable SIMD execution mode in their computation. As OpenFHE uses power-of-2 cyclotomic rings - whose polynomial moduli take the form (X^N+1) - the plaintext modulus must satisfy the constraint p \equiv 1 \mod 2N to support the PACKED_ENCODING mode.

Some other libraries support non-power-of-2 rings and thus might allow for smaller plaintext moduli.

Note that the COEF_PACKED_ENCODING mode does not impose the constraint above and you can use it with small moduli. However, the compute mode with this data encoding is different as the input values are encoded in polynomial coefficients rather than in the polynomial evaluations at powers of a primitive 2N-th roots of unity.