Ring learning with errors key exchange: Difference between revisions

The security of this key exchange as well the underlying Ring Learning With Errors method has been proven to be as hard as the worst case solution to the [[Shortest vector problem|Shortest Vector Problem]] (SVP) in an [[Ideal lattice cryptography|Ideal Lattice]].<ref name=":0" /> The best method to gauge the practical security of a given set of lattice parameters is the BKZ 2.0 lattice reduction algorithm. <ref>{{Cite book|title = BKZ 2.0: Better Lattice Security Estimates|url = http://link.springer.com/chapter/10.1007/978-3-642-25385-0_1|publisher = Springer Berlin Heidelberg|date = 2011|isbn = 978-3-642-25384-3|pages = 1-20|series = Lecture Notes in Computer Science|language = en|first = Yuanmi|last = Chen|first2 = Phong Q.|last2 = Nguyen|editor-first = Dong Hoon|editor-last = Lee|editor-first2 = Xiaoyun|editor-last2 = Wang}}</ref> According to the BKZ 2.0 algorithm the key exchange parameters listed above will provide greater than 128 or 256 bits of security, respectively.