Fast constant-time gcd computation and modular inversion

DJ Bernstein, BY Yang - IACR Transactions on Cryptographic …, 2019 - tches.iacr.org
This paper introduces streamlined constant-time variants of Euclid's algorithm, both for
polynomial inputs and for integer inputs. As concrete applications, this paper saves time in …

Research Online

VNT Le, B Apopei, K Alameh - Sciences, 2018 - academia.edu
Abstract © The Institution of Engineering and Technology 2019. The modulus switching
technique has been used in some cryptographic applications as well as in cryptanalysis. For …

BAT: Small and fast KEM over NTRU lattices

PA Fouque, P Kirchner, T Pornin, Y Yu - IACR Transactions on …, 2022 - tches.iacr.org
We present BAT–an IND-CCA secure key encapsulation mechanism (KEM) that is based on
NTRU but follows an encryption/decryption paradigm distinct from classical NTRU KEMs. It …

Comparing proofs of security for lattice-based encryption

DJ Bernstein - Cryptology ePrint Archive, 2019 - eprint.iacr.org
This paper describes the limits of various "security proofs", using 36 lattice-based KEMs as
case studies. This description allows the limits to be systematically compared across these …

Visualizing size-security tradeoffs for lattice-based encryption

DJ Bernstein - Cryptology ePrint Archive, 2019 - eprint.iacr.org
There are many proposed lattice-based encryption systems. How do these systems compare
in the security that they provide against known attacks, under various limits on …

On using RSA/ECC coprocessor for ideal lattice-based key exchange

A Greuet, S Montoya, G Renault - … , October 25–27, 2021, Proceedings 12, 2021 - Springer
Polynomial multiplication is one of the most costly operations of ideal lattice-based
cryptosystems. In this work, we study its optimizations when one of the operands has …

Verifying solutions to LWE with implications for concrete security

P Sarkar, S Singha - Cryptology ePrint Archive, 2019 - eprint.iacr.org
A key step in Regev's (2009) reduction of the Discrete Gaussian Sampling (DGS) problem to
that of solving the Learning With Errors (LWE) problem is a statistical test required for …

Classical reduction of gap SVP to LWE: A concrete security analysis

P Sarkar, S Singha - Cryptology ePrint Archive, 2020 - eprint.iacr.org
Regev (2005) introduced the learning with errors (LWE) problem and showed a quantum
reduction from a worst case lattice problem to LWE. Building on the work of Peikert (2009), a …

Performance Evaluation of Round 2 Submissions for the NIST Post-Quantum Cryptography Project

K Baptista - Performance Evaluation, 2020 - core.ac.uk
This paper looks at the submissions for round 2 of a competition held by National Institute of
Standards and Technology (NIST) to find an encryption standard resistant to attacks by post …

Impact of the modulus switching technique on some attacks against learning problems

HQ Le, PK Mishra, S Nakamura, K Kinjo… - IET Information …, 2020 - Wiley Online Library
The modulus switching technique has been used in some cryptographic applications as well
as in cryptanalysis. For cryptanalysis against the learning with errors (LWE) problem and the …