EUROCRYPT 2024
SLAP: Succinct Lattice-Based Polynomial Commitments from Standard Assumptions
README
SLAP
This artifact contains a script for estimating proof sizes for SLAP.
Requirements
pip install -r requirements.txt
Usage
The script exposes two functions: find_parameters_random and find_parameters_bruteforce. The first function uses random search to find the best parameters, while the second function uses grid search.
Both functions take the following parameters:
secparam: The desired security level (in bits).interactive: IfTrue, compute sizes for the interactive version of SLAP, ifFalsefor the non-interactive (compiled with the FS transform)logQ: Only used ifinteractiveisFalse. The base-2 logarithm of the number of queries the adversary can perform to the ROM.d: The degree of the polynomial committed to.k: The folding factor.l: The number of rounds the protocol is run for.opt_mode: EitherAggressiveorConservative. Determines how the BKZ blocksize is setreduction_mode: EitherProvenorHeuristic. Determines whether the reduction loss is taken into account.
find_parameters_random takes an additional parameter iters which specify how many parameters sets will be sampled.
The intended usage is the following. Fix the above parameters.
Then call find_parameters_random, editing the script consider a wide range of parameters. This should give you a list of candidate parameters, and build intuition on the right parameter ranges to consider. Once honed in into a range, use find_parameters_bruteforce to select the best parameter set in that range.