Cryptology ePrint Archive: Report 2018/331

Estimate all the {LWE, NTRU} schemes!

Martin R. Albrecht and Benjamin R. Curtis and Amit Deo and Alex Davidson and Rachel Player and Eamonn W. Postlethwaite and Fernando Virdia and Thomas Wunderer

Abstract: We consider all LWE- and NTRU-based encryption, key encapsulation, and digital signature schemes proposed for standardisation as part of the Post-Quantum Cryptography process run by the US National Institute of Standards and Technology (NIST). In particular, we investigate the impact that different estimates for the asymptotic runtime of (block-wise) lattice reduction have on the predicted security of these schemes. Relying on the ``LWE estimator'' of Albrecht et al., we estimate the cost of running primal and dual lattice attacks against every LWE-based scheme, using every cost model proposed as part of a submission. Furthermore, we estimate the security of the proposed NTRU-based schemes against the primal attack under all cost models for lattice reduction.

Category / Keywords: post-quantum cryptography, public-key cryptography, cryptanalysis, learning with errors, NTRU, NIST

Date: received 9 Apr 2018, last revised 9 Apr 2018

Contact author: benjamin curtis 2015 at rhul ac uk

Available format(s): PDF | BibTeX Citation

Note: Same PDF uploaded, only revised to add keywords.

Version: 20180410:020256 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]