params.go raw

   1  // Lattice-based cryptographic parameter sets.
   2  //
   3  // Security rests on the hardness of the Shortest Vector Problem (SVP)
   4  // on ideal lattices. Parameter dimensions are chosen to resist both
   5  // classical and quantum lattice reduction (BKZ + Grover).
   6  package crypto
   7  
   8  import "git.smesh.lol/gnarl-hamadryad/ratio"
   9  
  10  // SecurityLevel specifies cryptographic strength.
  11  type SecurityLevel uint8
  12  
  13  const (
  14  	Security128 SecurityLevel = iota
  15  	Security192
  16  	Security256
  17  )
  18  
  19  // Params holds the parameters for a lattice-based cryptographic instance.
  20  type Params struct {
  21  	// N is the lattice dimension — number of constraint sites.
  22  	// Higher N = harder CVP = more security.
  23  	N int
  24  
  25  	// Q is the modulus for arithmetic operations.
  26  	// Integer-valued ratio (Denom == 1).
  27  	Q ratio.Ratio
  28  
  29  	// SmoothingParam is the dissolution threshold below which
  30  	// the lattice structure disappears into noise. This is eta_eps.
  31  	SmoothingParam ratio.Ratio
  32  
  33  	// NoiseWidth controls the spread of the discrete Gaussian.
  34  	// More noise = more security, less noise = more reliable decryption.
  35  	// Must satisfy: SmoothingParam < NoiseWidth < 1.
  36  	NoiseWidth ratio.Ratio
  37  
  38  	// MaxWalkSteps limits Brownian walk length during encryption.
  39  	MaxWalkSteps int
  40  
  41  	// DissolutionPasses is how many dissolution scans to run
  42  	// after bonding, to add the LWE noise term.
  43  	DissolutionPasses int
  44  }
  45  
  46  // DefaultParams returns parameters for a given security level.
  47  //
  48  //	128-bit: N=256,  Q=127/1, noise=3/10, smoothing=2/10
  49  //	192-bit: N=384,  Q=251/1, noise=3/10, smoothing=2/10
  50  //	256-bit: N=512,  Q=509/1, noise=3/10, smoothing=2/10
  51  func DefaultParams(level SecurityLevel) Params {
  52  	switch level {
  53  	case Security192:
  54  		return Params{
  55  			N:                 384,
  56  			Q:                 ratio.FromInt(251),
  57  			SmoothingParam:    ratio.New(2, 10),
  58  			NoiseWidth:        ratio.New(3, 10),
  59  			MaxWalkSteps:      1600, // 10^2 x 2^4 -- epoch-aligned
  60  			DissolutionPasses: 3,
  61  		}
  62  	case Security256:
  63  		return Params{
  64  			N:                 512,
  65  			Q:                 ratio.FromInt(509),
  66  			SmoothingParam:    ratio.New(2, 10),
  67  			NoiseWidth:        ratio.New(3, 10),
  68  			MaxWalkSteps:      2000, // 10^3 x 2^1 -- epoch-aligned
  69  			DissolutionPasses: 4,
  70  		}
  71  	default: // Security128
  72  		return Params{
  73  			N:                 256,
  74  			Q:                 ratio.FromInt(127),
  75  			SmoothingParam:    ratio.New(2, 10),
  76  			NoiseWidth:        ratio.New(3, 10),
  77  			MaxWalkSteps:      1024, // 2^10 -- epoch-aligned with N=256=2^8
  78  			DissolutionPasses: 2,
  79  		}
  80  	}
  81  }
  82  
  83  // Valid reports whether the parameters are internally consistent.
  84  func (p Params) Valid() bool {
  85  	if p.N <= 0 {
  86  		return false
  87  	}
  88  	if !p.Q.IsPositive() || p.Q.Denom != 1 {
  89  		return false // Q must be a positive integer
  90  	}
  91  	if !p.SmoothingParam.IsPositive() {
  92  		return false
  93  	}
  94  	if !p.NoiseWidth.IsPositive() {
  95  		return false
  96  	}
  97  	// SmoothingParam < NoiseWidth < 1
  98  	if !p.SmoothingParam.Less(p.NoiseWidth) {
  99  		return false
 100  	}
 101  	if !p.NoiseWidth.Less(ratio.One) {
 102  		return false
 103  	}
 104  	if p.MaxWalkSteps <= 0 {
 105  		return false
 106  	}
 107  	if p.DissolutionPasses <= 0 {
 108  		return false
 109  	}
 110  	return true
 111  }
 112