Regarding the arXiv preprint by Eldar and Shor


Oded Regev

Nov 24, 2016, 7:57:37 AM
to Cryptanalytic algorithms

Dear all,

Yesterday Lior Eldar and I found a flaw in the algorithm proposed
in the arXiv preprint. I do not see how to salvage anything from
the algorithm. The security of lattice-based cryptography against
quantum attacks therefore remains intact and unchanged.

Regards,
   Oded 

frederik.v...@gmail.com

Nov 24, 2016, 8:14:22 PM
to Cryptanalytic algorithms
Hi Oded

Could you give an indication as to where the actual flaw is in the paper?

Thanks much

Fre

Joseph Darrow

Dec 5, 2016, 6:11:14 PM
to Cryptanalytic algorithms
Dear all,

This flaw is described in the withdrawal message "This paper has been withdrawn by the author due to an error in Fact 7: the concentration of measure of the n-dimensional sinc^2 function is not a probability of at least 1-n^{-3} for vectors of length at most n^2, but rather 1 - n^{-1.5} for vectors of length n^3".
https://arxiv.org/abs/1611.06999

Although the security of lattice-based cryptography against quantum attacks remains intact, this paper could have caused enough doubt for Google to end their lattice-based cryptography experiment (CECPQ1) already after 4 months instead of the planned 2 years.
https://www.imperialviolet.org/2016/11/28/cecpq1.html

Regards,
Joseph

On Friday, 25 November 2016 at 02:14:22 UTC+1, Frederik Vercauteren wrote:

Deirdre Connolly

Dec 5, 2016, 6:49:03 PM
to Joseph Darrow, Cryptanalytic algorithms
> this paper could have caused enough doubt for Google to end their lattice-based cryptography experiment (CECPQ1) already after 4 months instead of the planned 2 years 

The Chrome team do not want their hybrid key exchange to become a standard, and since it sounds like they collected enough data/achieved their goals, they are disabling it early.

"We do not want to promote CECPQ1 as a de-facto standard and so a future Chrome update will disable CECPQ1 support." https://www.imperialviolet.org/2016/11/28/cecpq1.html


Alperin-Sheriff, Jacob (Fed)

Dec 6, 2016, 9:07:57 AM
to Cryptanalytic algorithms

Thanks for leaving standardization to us at NIST, Google. I mean that sincerely!
