The HomomorphicEncryption.org community has been developing security guidelines for FHE since the First Standards Meeting in 2017. A security white paper was adopted by the community in 2018 (shortly after the Third Standards Meeting) and has since been used for configuring many FHE libraries and applications. This page provides links to the original and updated security guidelines, security estimation tools for lattice attacks, and current projects of the Security Working Group.
Community Papers
The tables from these documents have been widely used by FHE libraries and applications.
- 2024 – “Security Guidelines for Implementing Homomorphic Encryption” provides more up-to-date security tables and also includes examples of functional parameters for all common FHE schemes. The paper was published in IACR Communications in Cryptology Vol. 1, No. 4 and is accessible at https://doi.org/10.62056/anxra69p1. The ePrint version can be found at https://ia.cr/2024/463.
- 2018 – “Homomorphic Encryption Standard” is a security guidelines document (not a formal standard) that was adopted by HomomorphicEncryption.org FHE security experts at the Third Standards Meeting. It was first published here. Then, it was published at Cryptology ePrint at https://ia.cr/2019/939. Finally, it appeared as a book chapter at https://doi.org/10.1007/978-3-030-77287-1_2.
Security Estimation Tools
- Lattice estimator
A Sage module that provides functions for estimating the concrete security of Learning with Errors instances. The main purpose of this estimator is to give designers an easy way to choose parameters resisting known attacks and to enable cryptanalysts to compare their results and ideas with other techniques known in the literature. This is the most widely used tool to estimate LWE security. It is still under active development and accepts pull requests from the community. - A tool for fast and secure LWE parameter selection
A python-based tool to select secure parameters for LWE-based applications in a fast and flexible way. The tool can estimate the following parameters: security level, size of the ciphertext modulus, LWE dimension, and standard deviation of the error distribution. It was built by studying the uSVP, BDD and Primal Hybrid attacks against LWE. The theoretical foundations are presented in 2024/1895 (see also the talk at fhe.org). The tool is still under active development and accepts pull requests from the community. - Security Guidelines Toolkit
A tool to generate parameter sets following the Security Guidelines for Implementing Homomorphic Encryption (https://ia.cr/2024/463)
Security Working Group
HomomorphicEncryption.org has an active Security Working Group that is currently engaged in projects providing further guidance to the FHE practitioner community on security matters, which target both the topics included in the Community Papers cited above and new topics, e.g., guidelines for sparse-secret key distributions.
The group meets regularly online and communicates via Discord. We also collaborate in person at HES Meetings. If you would like to participate, please contact swg@homomorphicencryption.org