View article

In November 2018, the \urlHomomorphicEncryption.org consortium published the Homomorphic Encryption Security Standard. The Standard recommends several sets of Learning with Errors (LWE) parameters that can be selected by application developers to achieve a target security level \( łambda \in \128,192,256\ \). These parameter sets all involve a power-of-two dimension , an error distribution of standard deviation , and a secret whose coefficients are either chosen uniformly in \( \ZZ_q \), chosen according to the error distribution, or chosen uniformly in . These parameter sets do not necessarily reflect implementation choices in the most commonly used homomorphic encryption libraries. For example, several libraries support dimensions that are not a power of two. Moreover, all known implementations for bootstrapping for the CKKS, BFV and BGV schemes use a sparse secret and a large ring …