Parameters
A VIA parameter set is valid only if it clears two independent pass/fail checks at your target database size:
- Secure: every lattice instance the scheme exposes is hard (\(\ge\) your bit target). Binary: 119 bits is not “almost 120,” it is a fail. VIA exposes two instances (a big ring and a small ring); the weaker one is the score.
- Correct: decryption succeeds with overwhelming probability (failure \(\le 2^{-40}\)), after noise propagates through the whole DMux→first-dimension→CMux→convert pipeline.
These two pull in opposite directions: a bigger modulus buys correctness headroom but costs security; a wide-Gaussian secret buys security but blows the noise budget. Clearing both at once, at a real database size, is the whole game of parameter selection.
The catch: inference A performance number is only honest at a valid point. VIA’s headline figures are quoted at \(n_1{=}2048\) parameters that fail the security check on the keys actually shipped: our estimator puts the binding ring at \(\approx\!77\) bits, not the advertised 110 (derived under Fix). Re-priced at a genuinely \(\ge 120\)-bit point (\(n_1{=}4096\)), the profile is ~2× across compute, key size, and response (measured under Cost).
TLDR: VIA’s true profile is roughly twice its advertised one.