Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option for simplified output? #55

Open
bencrts opened this issue Oct 21, 2022 · 6 comments
Open

Option for simplified output? #55

bencrts opened this issue Oct 21, 2022 · 6 comments
Assignees
@bencrts
Labels
enhancement New feature or request

Comments

@bencrts
Copy link
Collaborator

bencrts commented Oct 21, 2022
edited

This was mentioned by Nigel at the first FHE.org conference: it might be nice to have a way to switch on a simplified output which just gives you a security level. Perhaps we could add something like:

def get_security_level(est, dp=2):
    """
    Get the security level lambda from a Lattice Estimator output
    :param est: the Lattice Estimator output
    :param dp: the number of decimal places to consider
    """
    attack_costs = []

    for key in est.keys():
        attack_costs.append(est[key]["rop"])

    security_level = round(log(min(attack_costs),2), dp)

    return security_level

This would be used like:

sage: from estimator import *
sage: est = LWE.estimate(schemes.TFHE630)
bkw                  :: rop: ≈2^153.1, m: ≈2^139.4, mem: ≈2^132.6, b: 4, t1: 0, t2: 24, ℓ: 3, #cod: 552, #top: 0, #test: 78, tag: coded-bkw
usvp                 :: rop: ≈2^124.5, red: ≈2^124.5, δ: 1.004497, β: 335, d: 1123, tag: usvp
bdd                  :: rop: ≈2^131.0, red: ≈2^115.1, svp: ≈2^131.0, β: 301, η: 393, d: 1095, tag: bdd
bdd_hybrid           :: rop: ≈2^185.3, red: ≈2^115.9, svp: ≈2^185.3, β: 301, η: 588, ζ: 0, |S|: 1, d: 1704, prob: 1, ↻: 1, tag: hybrid
bdd_mitm_hybrid      :: rop: ≈2^265.5, red: ≈2^264.5, svp: ≈2^264.5, β: 301, η: 2, ζ: 215, |S|: ≈2^189.2, d: 1489, prob: ≈2^-146.6, ↻: ≈2^148.8, tag: hybrid
dual                 :: rop: ≈2^128.7, mem: ≈2^72.0, m: 551, β: 346, d: 1181, ↻: 1, tag: dual
dual_hybrid          :: rop: ≈2^119.8, mem: ≈2^115.5, m: 516, β: 314, d: 1096, ↻: 1, ζ: 50, tag: dual_hybrid

sage: get_security_level(est)
119.76

to let users turn their cost strings into a security level value.
@bencrts bencrts added the enhancement New feature or request label Oct 21, 2022
@bencrts bencrts self-assigned this Oct 21, 2022
@malb
Copy link
Owner

malb commented Oct 21, 2022

Something seems off about your example? But wouldn't this also be solved by documenting "pick the lowest of these"? I'm mostly concerned that if we make it "too easy" then people might use it without understanding what they're doing? But maybe that fear is overblown?

@bencrts
Copy link
Collaborator Author

bencrts commented Oct 24, 2022

Good spot, copy/paste error -- fixed it. Another option could be to have an est.simple() method which removes all the attack parameters and returns only rop values for each attack, e.g:

bkw                  :: rop: ≈2^153.1
usvp                 :: rop: ≈2^124.5
bdd                  :: rop: ≈2^131.0
bdd_hybrid           :: rop: ≈2^185.3
bdd_mitm_hybrid      :: rop: ≈2^265.5
dual                 :: rop: ≈2^128.7
dual_hybrid          :: rop: ≈2^119.8

which might also address your concern. I don't feel particularly strongly about this, I just mentioned at the FHE.org event that I would open an issue and completely forgot to do it until now.

@malb
Copy link
Owner

malb commented Oct 24, 2022

Do we think this would make much of a difference since we already list rop first? I honestly don't know! Maybe other people would like to chime in on this discussion? So perhaps we leave this ticket open and when the issue comes up again, you direct people to voice their preferences here?

@bencrts
Copy link
Collaborator Author

bencrts commented Oct 24, 2022

Works for me!

@macknight
Copy link

macknight commented Dec 21, 2022
edited

Hi,

A simplified output is good.
Focusing is important, giving the new users the first glimpse of the hardness. At first, when looking at the output, I was totally confused, trying to figuring out the meanings of each output param.
it's like INFO, DEBUG mode output switch. So INFO should be the default option.

BR

@macknight
Copy link

Good spot, copy/paste error -- fixed it. Another option could be to have an est.simple() method which removes all the attack parameters and returns only rop values for each attack, e.g:

bkw                  :: rop: ≈2^153.1
usvp                 :: rop: ≈2^124.5
bdd                  :: rop: ≈2^131.0
bdd_hybrid           :: rop: ≈2^185.3
bdd_mitm_hybrid      :: rop: ≈2^265.5
dual                 :: rop: ≈2^128.7
dual_hybrid          :: rop: ≈2^119.8

which might also address your concern. I don't feel particularly strongly about this, I just mentioned at the FHE.org event that I would open an issue and completely forgot to do it until now.

And a first title line would look even better.

ALGORITHM NAME :: rop: (-bits security)
bkw :: rop: ≈2^153.1
usvp :: rop: ≈2^124.5
bdd :: rop: ≈2^131.0
bdd_hybrid :: rop: ≈2^185.3
bdd_mitm_hybrid :: rop: ≈2^265.5
dual :: rop: ≈2^128.7
dual_hybrid :: rop: ≈2^119.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bencrts bencrts

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@macknight @malb @bencrts