TL;DR: Does secretKeyDist SPARSE_ENCAPSULATED provide the same security as UNIFORM_TERNARY?
Hi all, I am playing with the sparse-secret encapsulation method in the version v1.4. In the paper Bootstrapping for Approximate Homomorphic Encryption with Negligible Failure-Probability by Using Sparse-Secret Encapsulation , its security is shown, and I wanted to double-check with you if there are any additional considerations in the practical implementation. My working example is just the src/pke/examples/advanced-ckks-bootstrapping.cpp script with the secretKeyDist set to SPARSE_ENCAPSULATED. Can I just assume It works at the same security level as UNIFORM_TERNARY (when all other parameters are the same)? If yes, congrats on the major improvement as I am already seeing +10 bits of precision in various bootstrapping settings!
The sparse secrets have lower thresholds than uniform secrets (so less levels can be used to achieve the same level of security). In the sparse-secret setting, the security level is determined by \log Q P for the Hamming weight of 192. See the following except from General Functional Bootstrapping using CKKS for the guidelines
Note that the sparse secrets are not currently included in the security documents, i.e., Homomorphic Encryption Standard and Security Guidelines for Implementing Homomorphic Encryption. This is why OpenFHE does not use any special tables for sparse secrets (and simply defaults to the parameters for the uniform case). There is an active effort to develop recommendations for sparse secrets and improve their support in the Lattice Estimator. In summary, this mode is only recommended for research purposes at the moment.
