diff --git a/.gitbook.yaml b/.gitbook.yaml index b5e8413487..63ae6b924b 100644 --- a/.gitbook.yaml +++ b/.gitbook.yaml @@ -48,5 +48,6 @@ redirects: dev/compilation/TracingDialect: explanations/TracingDialect.md dev/compilation/RTDialect: explanations/RTDialect.md dev/compilation/SDFGDialect: explanations/SDFGDialect.md - dev/security/security_curves: explanations/security_curves.md + dev/security/security_curves: explanations/security.md + explanations/security_curves: explanations/security.md dev/setup/layout: explanations/layout.md diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index 8e91389f88..20a46daa6a 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -74,7 +74,7 @@ * [Tracing dialect](explanations/TracingDialect.md) * [Runtime dialect](explanations/RTDialect.md) * [SDFG dialect](explanations/SDFGDialect.md) -* [Security](explanations/security_curves.md) +* [Security](explanations/security.md) * [Call FHE circuits from other languages](explanations/call_from_other_language.md) * [Project layout](explanations/layout.md) diff --git a/docs/explanations/security_curves.md b/docs/explanations/security.md similarity index 94% rename from docs/explanations/security_curves.md rename to docs/explanations/security.md index 4e056497b4..04d85379e4 100644 --- a/docs/explanations/security_curves.md +++ b/docs/explanations/security.md @@ -5,17 +5,17 @@ To select secure cryptographic parameters for usage in Concrete, we utilize the [Lattice-Estimator](https://github.com/malb/lattice-estimator). In particular, we use the following workflow: 1. Data Acquisition - - For a given value of $$(n, q = 2^{64}, \sigma)$$ we obtain raw data from the Lattice Estimator, which ultimately leads to a security level $$\lambda$$. All relevant attacks in the Lattice Estimator are considered. - - Increase the value of $$\sigma$$, until the tuple $$(n, q = 2^{64}, \sigma)$$ satisfies the target level of security $$\lambda_{target}$$. + - For a given value of $$(n, q = 2^{64}, \sigma)$$ we obtain raw data from the Lattice Estimator, which ultimately leads to a security level $$\lambda$$. All relevant attacks in the Lattice Estimator are considered. + - Increase the value of $$\sigma$$, until the tuple $$(n, q = 2^{64}, \sigma)$$ satisfies the target level of security $$\lambda_{target}$$. - Repeat for several values of $$n$$. -2. Model Generation for $$\lambda = \lambda_{target}$$. +2. Model Generation for $$\lambda = \lambda_{target}$$. - At this point, we have several sets of points $$\{(n, q = 2^{64}, \sigma)\}$$ satisfying the target level of security $$\lambda_{target}$$. From here, we fit a model to this raw data ($$\sigma$$ as a function of $$n$$). 3. Model Verification. - - For each model, we perform a verification check to ensure that the values output from the function $$\sigma(n)$$ provide the claimed level of security, $$\lambda_{target}$$. + - For each model, we perform a verification check to ensure that the values output from the function $$\sigma(n)$$ provide the claimed level of security, $$\lambda_{target}$$. -These models are then used as input for Concrete, to ensure that the parameter space explored by the compiler attains the required security level. Note that we consider the `RC.BDGL16` lattice reduction cost model within the Lattice Estimator. +These models are then used as input for Concrete, to ensure that the parameter space explored by the compiler attains the required security level. Note that we consider the `RC.BDGL16` lattice reduction cost model within the Lattice Estimator. Therefore, when computing our security estimates, we use the call `LWE.estimate(params, red_cost_model = RC.BDGL16)` on the input parameter set `params`. {% hint style="warning" %} @@ -36,7 +36,7 @@ To compare the current curves with the output of the lattice estimator, use: make compare-curves -this will compare the four curves generated above against the output of the version of the lattice estimator found in the [third_party folder](https://github.com/zama-ai/concrete/tree/main/third_party). +this will compare the four curves generated above against the output of the version of the lattice estimator found in the [third_party folder](https://github.com/zama-ai/concrete/tree/main/third_party). To generate the associated cpp and rust code, use:: @@ -47,7 +47,7 @@ further advanced options can be found inside the Makefile. ## Example To look at the raw data gathered in step 1., we can look in the [sage-object folder](https://github.com/zama-ai/concrete/tree/main/tools/parameter-curves/sage-object). These objects can be loaded in the following way using SageMath: - + sage: X = load("128.sobj") entries are tuples of the form: $$(n, log_2(q), log_2(\sigma), \lambda)$$. We can view individual entries via:: @@ -68,5 +68,5 @@ Here we can see the linear model parameters $$(a = -0.026599462343105267, b = 2. $$ \sigma = a * n + b = -37.85 $$ -This value corresponds to the logarithm of the relative error size. Using the parameter set $$(n, log(q), \sigma = 2^{64 - 37.85})$$ in the Lattice Estimator confirms a 128-bit security level. +This value corresponds to the logarithm of the relative error size. Using the parameter set $$(n, log(q), \sigma = 2^{64 - 37.85})$$ in the Lattice Estimator confirms a 128-bit security level.