# Security curves To select secure cryptographic parameters for usage in Concrete, we utilize the [Lattice-Estimator](https://github.com/malb/lattice-estimator). In particular, we use the following workflow: 1. Data Acquisition * For a given value of $$(n, q = 2^{64}, \sigma)$$ we obtain raw data from the Lattice Estimator, which ultimately leads to a security level $$\lambda$$. All relevant attacks in the Lattice Estimator are considered. * Increase the value of $$\sigma$$, until the tuple $$(n, q = 2^{64}, \sigma)$$ satisfies the target level of security $$\lambda\_{target}$$. * Repeat for several values of $$n$$. 2. Model Generation for $$\lambda = \lambda\_{target}$$. * At this point, we have several sets of points $${(n, q = 2^{64}, \sigma)}$$ satisfying the target level of security $$\lambda\_{target}$$. From here, we fit a model to this raw data ($$\sigma$$ as a function of $$n$$). 3. Model Verification. * For each model, we perform a verification check to ensure that the values output from the function $$\sigma(n)$$ provide the claimed level of security, $$\lambda\_{target}$$. These models are then used as input for Concrete, to ensure that the parameter space explored by the compiler attains the required security level. Note that we consider the `RC.BDGL16` lattice reduction cost model within the Lattice Estimator. Therefore, when computing our security estimates, we use the call `LWE.estimate(params, red_cost_model = RC.BDGL16)` on the input parameter set `params`. ## Usage To generate the raw data from the lattice estimator, use:: ``` make generate-curves ``` by default, this script will generate parameter curves for {80, 112, 128, 192} bits of security, using $$log\_2(q) = 64$$. To compare the current curves with the output of the lattice estimator, use: ``` make compare-curves ``` this will compare the four curves generated above against the output of the version of the lattice estimator found in the [third\_party folder](https://github.com/zama-ai/concrete/tree/main/third_party). To generate the associated cpp and rust code, use:: ``` make generate-code ``` further advanced options can be found inside the Makefile. ## Example To look at the raw data gathered in step 1., we can look in the [sage-object folder](https://github.com/zama-ai/concrete/tree/main/tools/parameter-curves/sage-object). These objects can be loaded in the following way using SageMath: ``` sage: X = load("128.sobj") ``` entries are tuples of the form: $$(n, log\_2(q), log\_2(\sigma), \lambda)$$. We can view individual entries via:: ``` sage: X["128"][0] (2366, 64.0, 4.0, 128.51) ``` To view the interpolated curves we load the `verified_curves.sobj` object inside the [sage-object folder](https://github.com/zama-ai/concrete/tree/main/tools/parameter-curves/sage-object). ``` sage: curves = load("verified_curves.sobj") ``` This object is a tuple containing the information required for the four security curves ({80, 112, 128, 192} bits of security). Looking at one of the entries: ``` sage: curves[2][:3] (-0.026599462343105267, 2.981543184145991, 128) ``` Here we can see the linear model parameters $$(a = -0.026599462343105267, b = 2.981543184145991)$$ along with the security level 128. This linear model can be used to generate secure parameters in the following way: for $$q = 2^{64}$$, if we have an LWE dimension of $$n = 1536$$, then the required noise size is: $$\sigma = a \* n + b = -37.85$$ This value corresponds to the logarithm of the relative error size. Using the parameter set $$(n, log(q), \sigma = 2^{64 - 37.85})$$ in the Lattice Estimator confirms a 128-bit security level. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zama.org/concrete/2.4/explanations/security_curves.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.