SLAP

This artifact contains a script for estimating proof sizes for SLAP.

Requirements

pip install -r requirements.txt

Usage

The script exposes two functions: find_parameters_random and find_parameters_bruteforce. The first function uses random search to find the best parameters, while the second function uses grid search.

Both functions take the following parameters:
1. secparam: The desired security level (in bits).
2. interactive: If True, compute sizes for the interactive version of SLAP, if False for the non-interactive (compiled with the FS transform)
3. logQ: Only used if interactive is False. The base-2 logarithm of the number of queries the adversary can perform to the ROM.
4. d: The degree of the polynomial committed to.
5. k: The folding factor.
6. l: The number of rounds the protocol is run for.
7. opt_mode: Either Aggressive or Conservative. Determines how the BKZ blocksize is set
8. reduction_mode: Either Proven or Heuristic. Determines whether the reduction loss is taken into account.

find_parameters_random takes an additional parameter iters which specify how many parameters sets will be sampled.

The intended usage is the following. Fix the above parameters.
Then call find_parameters_random, editing the script consider a wide range of parameters. This should give you a list of candidate parameters, and build intuition on the right parameter ranges to consider. Once honed in into a range, use find_parameters_bruteforce to select the best parameter set in that range.