eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2018/331

Estimate all the {LWE, NTRU} schemes!

Martin R. Albrecht, Benjamin R. Curtis, Amit Deo, Alex Davidson, Rachel Player, Eamonn W. Postlethwaite, Fernando Virdia, and Thomas Wunderer


We consider all LWE- and NTRU-based encryption, key encapsulation, and digital signature schemes proposed for standardisation as part of the Post-Quantum Cryptography process run by the US National Institute of Standards and Technology (NIST). In particular, we investigate the impact that different estimates for the asymptotic runtime of (block-wise) lattice reduction have on the predicted security of these schemes. Relying on the ``LWE estimator'' of Albrecht et al., we estimate the cost of running primal and dual lattice attacks against every LWE-based scheme, using every cost model proposed as part of a submission. Furthermore, we estimate the security of the proposed NTRU-based schemes against the primal attack under all cost models for lattice reduction.

Note: Uploading latest version

Available format(s)
Publication info
Published elsewhere. Minor revision. Conference on Security and Cryptography for Networks (SCN'18)
post-quantum cryptographypublic-key cryptographycryptanalysislearning with errorsNTRUNIST
Contact author(s)
benjamin curtis 2015 @ rhul ac uk
2018-12-03: revised
2018-04-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Martin R.  Albrecht and Benjamin R.  Curtis and Amit Deo and Alex Davidson and Rachel Player and Eamonn W.  Postlethwaite and Fernando Virdia and Thomas Wunderer},
      title = {Estimate all the {LWE, NTRU} schemes!},
      howpublished = {Cryptology ePrint Archive, Paper 2018/331},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/331}},
      url = {https://eprint.iacr.org/2018/331}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.