Secure Parameters for SWIFFT
[chapter]
2009
Lecture Notes in Computer Science
Second, we propose a parameter generation algorithm for SWIFFT where the main parameter n can be any integer in the image of Euler's totient function, and not necessarily a power of 2 as before. ...
The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks for a specific set of parameters. ...
Acknowledgments We would like to thank Chris Peikert and Alon Rosen for helpful advice and encouragement. ...
doi:10.1007/978-3-642-10628-6_1
fatcat:goeut3y7vfbblgjpmcdznugqn4
An Efficient Post-Quantum One-Time Signature Scheme
[chapter]
2016
Lecture Notes in Computer Science
Therefore, in particular, they are not suitable for resource-constrained devices. Many widely used signature schemes are not post-quantum. ...
They have found diverse applications including forward security and broadcast authentication. ...
The authors would like to thank Anne Broadbent for her comments on an earlier version of this paper, Andreas Hülsing for helping in the security proof, John Schanck for discussions on lattices, and Fang ...
doi:10.1007/978-3-319-31301-6_20
fatcat:mevu4kqwgbeu7h647btvy3rrp4
Post-quantum cryptography: lattice signatures
2009
Computing
This survey provides a comparative overview of lattice-based signature schemes with respect to security and performance. ...
Furthermore, we explicitly show how to construct a competitive and provably secure Merkle-tree signature scheme solely based on worst-case lattice problems. ...
Thus, we consider GMSS-SWIFFT-LM secure and practical even for larger security parameters. Organization. ...
doi:10.1007/s00607-009-0042-y
fatcat:umo37odrn5dgfgio6k4fnpvbj4
Improved Zero-Knowledge Identification with Lattices
[chapter]
2010
Lecture Notes in Computer Science
Efficiency improvement for NTRU. In A. Alkassar and J. H. Siekmann, editors, Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4. ...
These parameters are later shown to be far more secure than the standard SWIFFT parameters. ...
The same assumption was used for the SWIFFT hash function, which is secure for much smaller parameters than those required by Lyubashevsky. ...
doi:10.1007/978-3-642-16280-0_1
fatcat:qphlhyww45avzim6wyo7bvnira
Analyzing Progressive-BKZ Lattice Reduction Algorithm
2019
International Journal of Computer Network and Information Security
Then, we attempt to find pseudo-collision in SWIFFT hash function and show that a different set of parameters produces a special shape of Gram-Schmidt norms other than the predicted Geometric Series Assumptions ...
Progressive approach (gradually increasing block size) of this algorithm has been attempted in several works for better performance but actual analysis of this approach has never been reported. ...
The usual parameters choice for SWIFFT are = 16, = 64 and = 257.
A. ...
doi:10.5815/ijcnis.2019.01.04
fatcat:dat3ekajxfh5zkuikwehlxvrd4
Interpreting Hash Function Security Proofs
[chapter]
2010
Lecture Notes in Computer Science
While the authors of FSB, MQ-HASH and SWIFFT(X) prove existence of nontrivial lower bounds on security, we show that the quantification of the bounds limits the practical significance of the proofs. ...
We provide a concrete security treatment of several "provably secure" hash functions. Interpreting arguments behind MQ-HASH, FSB, SWIFFTX and VSH we identify similar lines of reasoning. ...
Acknowledgements The author would like to thank Arjen Lenstra, Martijn Stam, Kenny Paterson and the anonymous reviewers for useful comments on the text. ...
doi:10.1007/978-3-642-16280-0_8
fatcat:pyzahjszpzgw7kxzyt7kwurc3e
Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem
2018
Journal of Cryptology
include: applying the Hermite normal form (HNF) to get faster algorithms; a heuristic analysis of the HGJ and BCJ algorithms in the case of density greater than one; an improved cryptanalysis of the SWIFFT ...
hash function; a new method that exploits symmetries to speed up algorithms for Ring-SIS in some cases. ...
Acknowledgements We thank the reviewers for their detailed comments and suggestions. ...
doi:10.1007/s00145-018-9304-1
fatcat:5r7r3ggrjvcgtepl3iaddgwody
Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware
[chapter]
2012
Lecture Notes in Computer Science
We give instantiations of recently proposed parameter sets for homomorphic and public-key encryption. ...
For a parameter set of a SHE scheme (n=1024,p=1061093377) our implementation performs 9063 polynomial multiplications per second on a mid-range Spartan-6. ...
in O(n^2) for the security parameter n [42]. ...
doi:10.1007/978-3-642-33481-8_8
fatcat:53fo5qtatbe4nifvlaku7nxlvm
Faster and Smoother – VSH Revisited
[chapter]
2011
Lecture Notes in Computer Science
While the original proofs of security based on hardness of factoring or discrete logarithms are preserved, we can base the security on the k-sum problem studied by Wagner and more recently by Minder & ...
We reconsider the provably collision resistant Very Smooth Hash and propose a small change in the design aiming to improve both performance and security. ...
Acknowledgements The author would like to thank Arjen Lenstra, Ron Steinfeld, Scott Contini, Dimitar Jetchev and the anonymous reviewers for useful comments on the text. ...
doi:10.1007/978-3-642-22497-3_10
fatcat:gdtoukyf5nd6ph6fktr32pbysy
Improved Zero-Knowledge Identification with Lattices
2012
Tatra Mountains Mathematical Publications
The same assumption was used for the SWIFFT hash function, which is secure for much smaller parameters than those proposed by Lyubashevsky. © 2012 Mathematical Institute, Slovak Academy of Sciences. 2010 ...
This improvement leads to lower communication cost, when comparing both schemes for a given security level. ...
We are grateful to an anonymous referee for helpful comments. ...
doi:10.2478/v10127-012-0038-4
fatcat:xt42dbd7dvg4lhycgdg7slux3e
DiLizium: A Two-Party Lattice-Based Signature Scheme
2021
Entropy
We also provide a security proof for the two-party signature computation protocol against a classical adversary. Extending this proof to a quantum adversary is subject to future studies. ...
This allows for more efficient two-party implementation compared with the original but still derives its post-quantum security directly from the Module Learning With Errors and Module Short Integer Solution ...
It should be noted that this section does not present the exact parameter choice for the scheme and does not argue the bit security of the scheme for these parameters. ...
doi:10.3390/e23080989
fatcat:rv4dezl7lrebpo2rntfbrpcvia
Surgical fixation compared with cast immobilisation for adults with a bicortical fracture of the scaphoid waist: the SWIFFT RCT
2020
Health Technology Assessment
See the NIHR Journals Library website for further project information. ...
Below-elbow cast immobilisation for 6-10 weeks and urgent fixation of confirmed non-union. ...
In addition, a general thanks to all those people whose commitment and efforts in the design and conduct of SWIFFT allowed us to successfully complete this study and this final report. ...
doi:10.3310/hta24520
pmid:33109331
fatcat:qqdd2cwiwfegjlz6clc2r6amya
Streaming Authenticated Data Structures
2014
Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security - CCSW '14
The prover returns the result of the computation and a cryptographic proof for its correctness. ...
s work and to a practical implementation of a streaming authenticated data structure that employs the efficient SWIFFT hash function, which we show to comply with our abstraction. ...
Acknowledgments We thank Bobby Bhattacharjee, Youngsam Park, Elaine Shi and Emil Stefanov for many useful discussions. ...
doi:10.1145/2664168.2664177
dblp:conf/ccs/QianZCP14
fatcat:flgy3uvlmrg4rlx7fbuygztf4e
How Risky Is the Random-Oracle Model?
[chapter]
2009
Lecture Notes in Computer Science
Next, we study the security impact of hash function defects for ROM signatures. ...
Interestingly, for both of these schemes, a slight modification can prevent these attacks, while preserving the ROM security result. ...
In [32], it is noted that for any two inputs x_1 and x_2 such that x_1 + x_2 is a valid input, SWIFFT(x_1) + SWIFFT(x_2) = SWIFFT(x_1 + x_2). ...
doi:10.1007/978-3-642-03356-8_26
fatcat:vbjvlxawfzfztgra55nuebyw34
Fast Lattice-Based Encryption: Stretching Spring
[chapter]
2017
Lecture Notes in Computer Science
However, there is no such chain of reductions relating SPRING to lattice problems, because it uses small parameters for efficiency reasons. ...
Consequently, the heuristic security of SPRING is evaluated using known attacks and the complexity of the best known algorithms for breaking the underlying hard problem. ...
The choice of the modulus q = 257 is the same as in [LMPR08] for the SWIFFT hash function. ...
doi:10.1007/978-3-319-59879-6_8
fatcat:z5plchfuh5gg3a2ie65l6gwzly