Hello everyone, I am trying to dig into the code details of concrete library. I have question regarding the parameter naming and what does it mean in concrete:
(a). WOPBS_PARAM_MESSAGE_X_CARRY_Y
(b). WOPBS_PARAM_MESSAGE_X_NORM2_Y
(c). WOPBS_PRIME_PARAM_MESSAGE_X_NORM2_Y
(d). PARAM_X_BITS_Y_BLOCKS
For (a), I think it is clear that X and Y shows the number of bit in message bit and carry bit. But how about (b), (c), and (d)? What is the ‘NORM2’ mean here?
Also, just to make sure, what is the security level provided in concrete library? Are they all have 128-bit security level (even for WOPBS parameter)?
Sorry for the late reply.
There is a link between the norm2 and the number of carries in the parameters naming: let X = number of bits in the message space and Y = number of bits in the carry space, then norm2 = (2^(X+Y) - 1)/(2^x- 1).
Basically, this is another way of determining the space dedicated to the levelled operations.
The number of blocks in (d) refers to the number of LWE ciphertexts to represent a large integers.
All of them guaranteed 128-bits of security at the time they have been generated.
The parameter sets for the WoPBS are experimental at the moment, there are going to be reworked in the next release of TFHE-rs (which replaces concrete). Their naming will be directly connected to the manner of using them (as it is the case for the classical PBS parameter sets). They will also be updated with respect to the last security guidelines.
I am still somewhat confuse. What is the advantage of defining parameter in the term of norm2 and what does PRIME_PARAM mean? Is there any paper or literature where I can learn more about this?
That’s normal, I didn’t give you enough details to fully understand it
The ‘prime’ in the parameter sets refers to a prime modulus for the message space (i.e., you are working with unsigned integers modulo a prime number). This has an impact on the cryptographic parameters, that’s why there are distinct.
If you wanna have more details on how we find parameters and how the WoPPBS works you can have a look at this paper. This should give you some information on our way to represent levelled operations and the use of the norm2.
Once again, all of this will soon be way easier to play with!
