We present three results. First, we propose a parameter generation algorithm for SWIFFT where the main parameter n can be any integer in the image of Euler's totient function, and not necessarily a power of 2 as before. Second, we give some efficiency improvements that apply to SWIFFT in general. Third, we give experimental evidence that finding pseudo-collisions for SWIFFT is as hard as breaking a 68-bit symmetric cipher according to the well-known heuristic by Lenstra and Verheul. We also recommend conservative parameters corresponding to a 127-bit symmetric cipher.
Category / Keywords: post-quantum cryptography, hash functions, lattices Date: received 25 Nov 2008, last revised 21 Apr 2009 Contact author: rlindner at cdc informatik tu-darmstadt de Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20090421:125908 (All versions of this report) Discussion forum: Show discussion | Start new discussion