I have some security concerns about a parameter in both the rejection sampling algorithms from (for example) BLOOM: Bimodal Lattice One-Out-of-Many Proofs and Applications.
In Lemma 2.8, the value $M$ is linked to the acceptance probability of the rejection sampling. The algorithm takes $z=v+y$, where the $v$'s norm is bounded by $T$ and $y$ is sampled from a discrete Gaussian distribution with standard deviation $\mathfrak{s}$. Moreover, we have that $M=e^{14/\gamma + 1/(2\gamma^2)}$ or $M=e^{1/(2\gamma^2)}$ and hence it depends on the parameter $\gamma\in\mathbb{R}$, shaping the standard deviation $\mathfrak{s}=\gamma T$.
Observe that the higher is $\gamma$, the higher is the accepting rate, and we have more efficient algorithms.
In the paper A Framework for Practical Anonymous Credentials from Lattices, Lemma 2.4 states that $\gamma$ (called $\alpha$ here) must be $O(\sqrt{\lambda})$.
What are the practical instantiations of such $\gamma$? What are the implications on both efficiency and security if we choose an high $\gamma$?
