NTRU Prime implementation

coderman coderman at gmail.com
Sun Apr 13 07:00:36 PDT 2014


reification requested!

http://blog.cr.yp.to/20140213-ideal.html

"""
Here's a concrete suggestion, which I'll call NTRU Prime, for
eliminating the structures that I find worrisome in existing
ideal-lattice-based encryption systems. This suggestion uses a number
field of prime degree, so that the only subfield is Q; and uses an
irreducible polynomial x^p-x-1 with a very large Galois group, so that
the number field is very far from having automorphisms. The best CVP
dimension seems to be about half the degree; this is optimal for
number fields without many real embeddings. (It's hard to create many
real embeddings while keeping coefficients small, and if coefficients
are large then there are other problems.) This suggestion also chooses
its modulus q so that (Z/q)[x]/(x^p-x-1) is a field; this
simultaneously avoids (1) NTRU's traditional 2-adic structure and (2)
the linear splittings used in most recent papers.
"""


