mirror of
https://github.com/zama-ai/concrete.git
synced 2026-02-15 07:05:09 -05:00
tidy repo
This commit is contained in:
Ben
45
README.rst
45
README.rst
@@ -3,12 +3,12 @@ Parameter curves for Concrete
|
||||
|
||||
This Github repository contains the code needed to generate the Parameter curves used inside Zama. The repository contains the following files:
|
||||
|
||||
- cpp/, Python scripts to generate a cpp file containing the parameter curves
|
||||
- cpp/, Python scripts to generate a cpp file containing the parameter curves (needs updating)
|
||||
- data/, a folder containing the data generated for previous curves.
|
||||
- estimator/, Zama's internal version of the LWE Estimator
|
||||
- figs/, a folder containing various figures related to the parameter curves
|
||||
- scripts.py, a copy of all scripts required to generate the parameter curves
|
||||
- a variety of other python files, used for estimating the security of previous Concrete parameter sets
|
||||
- estimator_new/, the Lattice estimator (TODO: add as a submodule and use dependabot to alert for new commits)
|
||||
- old_files/, legacy files used for previous versions
|
||||
- generate_data.py, functions to gather raw data from the lattice estimator
|
||||
- verifiy_curves.py, functions to generate and verify curves from raw data
|
||||
|
||||
.. image:: logo.svg
|
||||
:align: center
|
||||
@@ -20,13 +20,16 @@ Example
|
||||
This is an example of how to generate the parameter curves, and save them to file.
|
||||
|
||||
::
|
||||
|
||||
sage: load("scripts.py")
|
||||
sage: results = get_zama_curves()
|
||||
sage: save(results, "v0.sobj")
|
||||
./job.sh
|
||||
::
|
||||
|
||||
We can load results files, and find the interpolants.
|
||||
This will generate several data files, {80, 96, 112, 128, 144, 160, 176, 192, 256}.sobj
|
||||
|
||||
To generate the parameter curves from the data files, we run
|
||||
|
||||
`sage verify_curves.py`
|
||||
|
||||
this will generate a list of the form:
|
||||
|
||||
::
|
||||
|
||||
@@ -41,22 +44,15 @@ We can load results files, and find the interpolants.
|
||||
(-0.014606812351714953, 3.8493629234693003, 256, 'PASS', 826)]
|
||||
::
|
||||
|
||||
Finding the value of n_{alpha} is done manually. We can also verify the interpolants which are generated at the same time:
|
||||
each element is a tuple (a, b, security, P, n_min), where (a,b) are the model
|
||||
parameters, security is the security level, P is a boolean value denoting PASS or
|
||||
FAIL of the verification, and n_min is the smallest reccomended value of `n` to be used.
|
||||
|
||||
::
|
||||
Each model outputs a value of sigma, and is of the form:
|
||||
|
||||
# verify the interpolant used for lambda = 256 (which is interps[-1])
|
||||
sage: z = verify_interpolants(interps[-1], (128,2048), 64)
|
||||
[... code runs, can take ~10 mins ...]
|
||||
# find the index corresponding to n_alpha, which is where security drops below the target security level (256 here)
|
||||
sage: n_alpha = find_nalpha(z, 256)
|
||||
653
|
||||
|
||||
# so the model in this case is
|
||||
(-0.014327640360322604, 2.899270827311096, 653)
|
||||
# which corresponds to
|
||||
# sd(n) = max(-0.014327640360322604 * n + 2.899270827311096, -logq + 2), n >= 653
|
||||
::
|
||||
`f(a, b, n) = max(ceil(a * n + b), -log2(q) + 2)`
|
||||
|
||||
where the -log2(q) + 2 term ensures that we are always using at least two bits of noise.
|
||||
|
||||
Version History
|
||||
-------------------
|
||||
@@ -67,6 +63,7 @@ Data for the curves are kept in /data. The following files are present:
|
||||
|
||||
v0: generated using the {usvp, dual, decoding} attacks
|
||||
v0.1: generated using the {mitm, usvp, dual, decoding} attacks
|
||||
v0.2: generated using the lattice estimator
|
||||
::
|
||||
|
||||
TODO List
|
||||
|
||||
Reference in New Issue
Block a user