Cryptology ePrint Archive: Report 2019/1402

Automatize parameter tuning in Ring-Learning-With-Errors-based leveled homomorphic cryptosystem implementations

Vincent HERBERT

Abstract: Lattice-based cryptography offers quantum-resistant cryptosystems, but there are not yet official recommendations for choosing parameters that reach standard security levels. Some of these cryptosystems permit secure computation and aim at a wider audience than the cryptographic community. We focus on one of them, the leveled homomorphic encryption (LHE) scheme of Brakerski/Fan-Vercauteren (BFV). LHE cryptosystems must be well instantiated not only to protect input and output ciphertexts and to compute efficiently, but also because the parametrization bounds the amount of homomorphic computation that can be performed with a guarantee of correctness; parameters must be chosen accordingly. In addition, each implementation brings external constraints that matter for performance. All of this makes parameter choice tedious for the non-expert user. To address this, we have developed CinguParam, which helps the user instantiate BFV implementations in different libraries: Cingulata, FV-NFLlib and Microsoft SEAL. CinguParam generates an up-to-date database of parameter sets as a function of computation budget, security parameters and implementation choices. The tool includes a notion of budget to ensure correct homomorphic computations, and a notion of BKZ reduction cost model to capture the gap between estimated and concrete security today. It uses the LWE-Estimator to obtain up-to-date security estimates. CinguParam can select a suitable parameter set automatically with Cingulata, and it can generate code snippets that set the parameters for FV-NFLlib and Microsoft SEAL.
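The selection loop the abstract describes, as an added example (not the paper's code and not CinguParam): for a requested multiplicative depth and plaintext modulus, walk the ring degrees, keep log2(q) under a security bound, and take the smallest parameter set whose noise budget still covers the depth. The security table is the 128-bit classical bound from the Homomorphic Encryption Security Standard (ternary secret, error standard deviation 3.2), which is also the bound SEAL enforces for tc128; the noise model (`FRESH_OVERHEAD_BITS`, `MUL_OVERHEAD_BITS`) is a deliberately simplified, assumed heuristic standing in for the paper's noise analysis and the LWE-Estimator, and the emitted SEAL 3.x-style snippet is my assumption of that API, not CinguParam's generator.

```python
"""Toy BFV parameter search illustrating the budget-vs-security trade-off
that CinguParam automates.  Added example; the security table is the
128-bit bound of the Homomorphic Encryption Security Standard, the noise
model is an assumed heuristic, not the paper's analysis."""
import math
from typing import List, Optional, Tuple

# Maximal log2(q) giving 128-bit classical security per ring degree n
# (HE Security Standard, 2018; same bounds SEAL uses for sec_level_type::tc128).
MAX_LOG_Q_128 = {1024: 27, 2048: 54, 4096: 109, 8192: 218,
                 16384: 438, 32768: 881}

# ASSUMED heuristic noise model, in bits of "noise budget":
#   fresh ciphertext budget ~ log2(q) - log2(t) - log2(n) - FRESH_OVERHEAD_BITS
#   each multiplication costs  log2(t) + log2(n) + MUL_OVERHEAD_BITS
# The constants are illustrative and not fitted to any library.
FRESH_OVERHEAD_BITS = 16
MUL_OVERHEAD_BITS = 4


def log2n(n: int) -> int:
    """Exponent of a power-of-two ring degree."""
    if n <= 0 or n & (n - 1):
        raise ValueError("ring degree must be a power of two")
    return n.bit_length() - 1


def security_ok(n: int, log_q: int) -> bool:
    """True when log2(q) is within the tabulated 128-bit bound for degree n."""
    return n in MAX_LOG_Q_128 and log_q <= MAX_LOG_Q_128[n]


def max_mult_depth(log_q: int, log_t: int, n: int) -> Optional[int]:
    """Multiplicative depth the assumed noise model allows, or None when even
    a fresh ciphertext would not decrypt correctly."""
    budget = log_q - log_t - log2n(n) - FRESH_OVERHEAD_BITS
    if budget <= 0:
        return None
    cost = log_t + log2n(n) + MUL_OVERHEAD_BITS
    depth = 0
    while budget - cost > 0:   # budget must stay positive after the last mult
        budget -= cost
        depth += 1
    return depth


def choose_parameters(depth: int, log_t: int) -> Optional[Tuple[int, int]]:
    """Smallest (n, log2 q) supporting `depth` multiplications under the
    128-bit bound, or None if no tabulated degree suffices."""
    for n in sorted(MAX_LOG_Q_128):
        for log_q in range(2, MAX_LOG_Q_128[n] + 1):
            d = max_mult_depth(log_q, log_t, n)
            if d is not None and d >= depth:
                return n, log_q
    return None


def split_modulus_bits(log_q: int, max_prime_bits: int = 60) -> List[int]:
    """Split log2(q) into roughly equal prime sizes of at most 60 bits each."""
    k = math.ceil(log_q / max_prime_bits)
    base, rem = divmod(log_q, k)
    return [base] * (k - rem) + [base + 1] * rem


def seal_snippet(n: int, log_q: int, log_t: int) -> str:
    """Emit SEAL 3.x-style C++ setting the chosen parameters (assumed API)."""
    sizes = ", ".join(str(b) for b in split_modulus_bits(log_q))
    return "\n".join([
        "EncryptionParameters parms(scheme_type::bfv);",
        f"parms.set_poly_modulus_degree({n});",
        f"parms.set_coeff_modulus(CoeffModulus::Create({n}, {{{sizes}}}));",
        f"parms.set_plain_modulus({1 << log_t});",
    ])


if __name__ == "__main__":
    choice = choose_parameters(depth=3, log_t=10)
    print("depth 3, t = 2^10 ->", choice)
    if choice:
        n, log_q = choice
        print(seal_snippet(n, log_q, log_t=10))
```

The two knobs the abstract names are visible here: lowering the security bound (or switching BKZ cost model, which the real tool does through the LWE-Estimator) loosens `MAX_LOG_Q_128` and lets a smaller n pass; raising the requested depth pushes the search to a larger n and q, which is exactly the cost the non-expert user needs computed for them.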

Category / Keywords: applications / Homomorphic Encryption, Noise, Learning with Errors, Parameter setting.

Date: received 3 Dec 2019

Contact author: vincent herbert at protonmail com


Version: 20191204:082857

Short URL: ia.cr/2019/1402
