Dear all,
Hi,
I'm happy to share our recent paper posted at IACR eprint (https://eprint.iacr.org/2024/824) that aims to improve May's Meet-LWE attack and present some results for the efficient PQC schemes.
We would like to report that the results of our attack on the SMAUG-T and NTRU+ parameters show reduced time/memory complexity compared to May's attack.
For example, the estimated time complexities of our attack on SMAUG-T parameters {TiMER, SMAUG-T128, SMAUG-T192, SMAUG-T256} are 122, 147, 182, and 231 bits, respectively.
According to Table 2 in the SMAUG-T document, the time complexities for Meet-LWE are reported as 144, 164, 214, and 283 bits, respectively.
Hence, to achieve a similar estimation of security in bits against our attack as the attack costs 'beyond Core-SVP' in their Table 3 in the SMAUG-T document, we recommend raising the Hamming weight parameter (min(h_s, h_r)) to 114, 192, and 225 for the parameter sets TiMER, SMAUG-T192, and SMAUG-T256, respectively.
If you have any questions or comments, please let me know.
Best regards,
Joohee Lee, Eunmin Lee, Yuntao Wang.