github/concrete
1
1
Fork 0
mirror of https://github.com/zama-ai/concrete.git synced 2026-01-10 05:18:00 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8a672a0c594ef9002db8e2bf0f6464591cf714fa
concrete/tools/parameter-curves
History

README.rst 

Parameter curves for Concrete
=============

This Github repository contains the code needed to generate the Parameter curves used inside Zama. The repository contains the following files:

- cpp/, Python scripts to generate a cpp file containing the parameter curves (needs updating)
- data/, a folder containing the data generated for previous curves. 
- estimator_new/, the Lattice estimator (TODO: add as a submodule and use dependabot to alert for new commits)
- old_files/, legacy files used for previous versions
- generate_data.py, functions to gather raw data from the lattice estimator
- verifiy_curves.py, functions to generate and verify curves from raw data

.. image:: logo.svg
   :align: center
   :width: 200


Example
-------------------
This is an example of how to generate the parameter curves, and save them to file.

::

    ./job.sh
::

This will generate several data files, {80, 96, 112, 128, 144, 160, 176, 192, 256}.sobj

To generate the parameter curves from the data files, we run 

`sage verify_curves.py`

this will generate a list of the form:

::

   [(-0.04042633119364589, 1.6609788641436722, 80, 'PASS', 450),
    (-0.03414780360867051, 2.017310258660345, 96, 'PASS', 450),
    (-0.029670137081135885, 2.162463714083856, 112, 'PASS', 450),
    (-0.02640502876522622, 2.4826422691043177, 128, 'PASS', 450),
    (-0.023821437305989134, 2.7177789440636673, 144, 'PASS', 450),
    (-0.02174358218716036, 2.938810548493322, 160, 'PASS', 498),
    (-0.019904056582117684, 2.8161252801542247, 176, 'PASS', 551),
    (-0.018610403247590085, 3.2996236848399008, 192, 'PASS', 606),
    (-0.014606812351714953, 3.8493629234693003, 256, 'PASS', 826)]
::

each element is a tuple (a, b, security, P, n_min), where (a,b) are the model 
parameters, security is the security level, P is a boolean value denoting PASS or 
FAIL of the verification, and n_min is the smallest reccomended value of `n` to be used.

Each model outputs a value of sigma, and is of the form:

::

   f(a, b, n) = max(floor(a * n + b), -log2(q) + 2)
::

where the -log2(q) + 2 term ensures that we are always using at least two bits of noise.

Version History
-------------------

Data for the curves are kept in /data. The following files are present:

::

    v0: generated using the {usvp, dual, decoding} attacks
    v0.1: generated using the {mitm, usvp, dual, decoding} attacks
    v0.2: generated using the lattice estimator
::
Reference in New Issue View Git Blame Copy Permalink