2014
DOI: 10.1007/978-3-319-11659-4_2
|View full text |Cite
|
Sign up to set email alerts
|

On the Efficiency of Provably Secure NTRU

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
13
0

Year Published

2015
2015
2021
2021

Publication Types

Select...
3
3
1

Relationship

0
7

Authors

Journals

citations
Cited by 11 publications
(13 citation statements)
references
References 24 publications
0
13
0
Order By: Relevance
“…Fourth, even if the conversion were tight, switching to these "provable" cryptosystems would impose considerable costs. One example of these costs is quantified in the analysis of [31]. Another example of these costs is implicit in the security analysis of [5]: the Ring-LWE parameters in [5] are not chosen to ensure the hardness of Ring-LWE, but merely to ensure hardness against attacks using the very small number of output samples actually provided by the cryptosystem.…”
Section: Worst-case-to-average-case Reductionsmentioning
confidence: 99%
“…Fourth, even if the conversion were tight, switching to these "provable" cryptosystems would impose considerable costs. One example of these costs is quantified in the analysis of [31]. Another example of these costs is implicit in the security analysis of [5]: the Ring-LWE parameters in [5] are not chosen to ensure the hardness of Ring-LWE, but merely to ensure hardness against attacks using the very small number of output samples actually provided by the cryptosystem.…”
Section: Worst-case-to-average-case Reductionsmentioning
confidence: 99%
“…Some background material from [POG15a] is also used. [CWB14] concluded that it is inferior to other lattice-based PKEs.…”
Section: Chapter 5 Implementation Of Ring-lwe Encryption Onmentioning
confidence: 99%
“…For a positive real s ∈ R + , the discrete Gaussian distribution χ s on an interval of integers [a, b] is a discrete probability distribution that assigns to each element x in the interval a probability proportional to exp(−(x − µ) 2 /2σ 2 ), where, similar to the continuous Gaussian distribution, µ denotes the mean, and σ > 0 is the standard deviation which is equal to s/ √ 2π [13,9]. In other words, the discrete Gaussian distribution is obtained by limiting the domain of the probability density function of a continuous Gaussian distribution to the integers, followed by proper scaling so that the total probability equals 1.…”
Section: Discrete Gaussian Samplingmentioning
confidence: 99%
“…Let p be an element of R q with small coefficients; p is coprime with q and will determine the plaintext space. A common choice is to take p = 3 for q a power of 2 [36,15,9]. The secret key is then a pair of polynomials (f, g) whose coefficients are chosen uniformly at random from {−1, 0, 1}.…”
Section: Ntru Encryption Schemesmentioning
confidence: 99%
See 1 more Smart Citation