
Add guidance for choosing the field size #325

Merged (1 commit) Jan 23, 2024
Conversation

@cjpatton (Collaborator) commented Jan 11, 2024

Closes #311.

For Prio3, when joint randomness is used:

  • RECOMMEND Field128
  • Field64 MAY be used, but PROOFS MUST be 3

The latter is motivated by issue #177. The recommendation is based on the upper bound given by {{DPRS23}}, Theorem 1 and a matching attack described by @bwesterb (see issue #311).
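The PR description above rests on two facts: the soundness error of an FLP shrinks as the field grows, and (per issue #177) running PROOFS independent proofs drives it down further. The toy model below is added here as an illustration only; it is not code from the draft, from libprio, or from any of the participants. A cheating prover claims that a nonzero polynomial of degree d over F_q is identically zero, and the verifier checks it at a single point r drawn from the joint randomness. The Schwartz-Zippel bound d/q on one check, and (d/q)^PROOFS on PROOFS checks with independent randomness, stands in for the DPRS23 Theorem 1 bound, whose actual form the page does not give. The field size Q = 101 and the degree 10 are assumptions chosen so that every randomness value can be enumerated exactly; the "worst-case prover" that picks a polynomial with d distinct roots is the toy analogue of an attack that meets the bound, not the attack from issue #311.

```python
"""Toy model: FLP-style soundness versus field size and number of proofs.

Assumptions (not from the VDAF draft): a tiny prime field Q = 101 and a
cheating prover whose false claim is "this degree-DEGREE polynomial is zero".
The verifier's only check is p(r) == 0 at a joint-randomness point r.
"""
import math
from fractions import Fraction

Q = 101        # toy prime field size, small enough to enumerate every r
DEGREE = 10    # degree of the cheating prover's polynomial (assumption)


def poly_eval(coeffs, x, q=Q):
    """Evaluate a polynomial mod q by Horner's rule; coeffs are highest degree first."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % q
    return acc


def poly_from_roots(roots, q=Q):
    """Return the monic polynomial prod (X - r_i) mod q, coefficients highest degree first."""
    coeffs = [1]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] + c) % q            # c * X term
            nxt[i + 1] = (nxt[i + 1] - c * r) % q  # -r * c term
        coeffs = nxt
    return coeffs


def verifier_accepts(coeffs, r, q=Q):
    """One FLP-style check: accept the claim 'p == 0' iff p(r) == 0 at the random point r."""
    return poly_eval(coeffs, r, q) == 0


def soundness_error(coeffs, proofs=1, q=Q):
    """Exact probability that a false claim passes `proofs` independent checks.

    Enumerates every joint-randomness value r in F_q for one check. Each extra
    proof uses fresh, independent randomness, so the acceptance probabilities
    multiply.
    """
    accepted = sum(verifier_accepts(coeffs, r, q) for r in range(q))
    return Fraction(accepted, q) ** proofs


def schwartz_zippel_bound(degree, proofs=1, q=Q):
    """Upper bound (degree / q) ** proofs on the soundness error of the toy check."""
    return Fraction(degree, q) ** proofs


def cheating_polynomial(degree=DEGREE, q=Q):
    """Worst-case prover: a nonzero polynomial with `degree` distinct roots in F_q.

    This is the toy analogue of an attack that matches the bound exactly:
    the check accepts for precisely `degree` of the q possible randomness values.
    """
    return poly_from_roots(list(range(degree)), q)


if __name__ == "__main__":
    p = cheating_polynomial()
    for k in (1, 2, 3):
        err = soundness_error(p, k)
        bound = schwartz_zippel_bound(DEGREE, k)
        print(f"PROOFS={k}: exact error {err} = 2^{math.log2(float(err)):.2f}, "
              f"bound {bound}, matched={err == bound}")
```

For the worst-case polynomial the exact acceptance probability equals the bound for every PROOFS value, which is what it means for an attack to "match" an upper bound; the gap between PROOFS=1 and PROOFS=3 is the effect the guidance leans on when it allows a smaller field only together with more proofs.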

@cjpatton cjpatton requested a review from wangshan January 16, 2024 17:04
@divergentdave (Collaborator) left a comment


Looks good. I think we should also add | PROOFS | 1 | to tables 9, 10, 11, and 12, right after Field, to be clear about the parameter values for the four concrete Prio3 VDAFs (and algorithm IDs) we define.

@wangshan (Contributor) left a comment


Approved assuming "Connecting soundness and robustness" is addressed either in this PR or a future one.

@cjpatton (Collaborator, Author)

> Approved assuming "Connecting soundness and robustness" is addressed either in this PR or a future one.

Right, thanks for the reminder! I'll ping you for a quick review if you don't mind.

@cjpatton cjpatton force-pushed the cjpatton/311-f128-to-f64 branch from fcc9f91 to 609fcae Compare January 23, 2024 21:19
@cjpatton (Collaborator, Author)

> @divergentdave Looks good. I think we should also add | PROOFS | 1 | to tables 9, 10, 11, and 12, right after Field, to be clear about the parameter values for the four concrete Prio3 VDAFs (and algorithm IDs) we define.

These tables specify parameters of the circuit; the number of proofs is not a parameter of the circuit. In fact, the guidance here is about modifying one of the circuits, say SumVec, by changing the field from Field64 to Field128.

What do you think about decoupling Field from the circuit and moving it to the Prio3 variant? There, PROOFS is (or at least should be) specified.

For Prio3, when joint randomness is used:

* RECOMMEND Field128
* Field64 MAY be used, but `PROOFS` MUST be `3`

The latter is motivated by issue #177. The recommendation is based on
the upper bound given by {{DPRS23}}, Theorem 1 and a matching attack
described by Bas Westerbaan (see issue #311).

Co-authored-by: Shan <[email protected]>
@cjpatton cjpatton force-pushed the cjpatton/311-f128-to-f64 branch from 609fcae to fffbafe Compare January 23, 2024 21:31
@divergentdave (Collaborator)

Good point, I think that sounds better

@cjpatton (Collaborator, Author)

I'll lift to an issue and handle it after this PR.

@cjpatton cjpatton merged commit 041fce5 into main Jan 23, 2024
4 checks passed
@cjpatton cjpatton deleted the cjpatton/311-f128-to-f64 branch May 1, 2024 20:18
May close: Prio3: Add guidance for choosing PROOFS and Flp.Field