Content deleted Content added
→Key Exchange Security: add implementations section |
|||
Line 72:
== Key Exchange Security ==
The security of this key exchange as well the underlying [[Ring Learning with Errors|Ring Learning With Errors]] method has been proven to be as hard as the worst case solution to the [[Shortest vector problem|Shortest Vector Problem]] (SVP) in an [[Ideal lattice cryptography|Ideal Lattice]].<ref name=":0" /> The best method to gauge the practical security of a given set of lattice parameters is the BKZ 2.0 lattice reduction algorithm.<ref>{{Cite book|title = BKZ 2.0: Better Lattice Security Estimates|url = http://link.springer.com/chapter/10.1007/978-3-642-25385-0_1|publisher = Springer Berlin Heidelberg|date = 2011|isbn = 978-3-642-25384-3|pages = 1–20|series = Lecture Notes in Computer Science|first = Yuanmi|last = Chen|first2 = Phong Q.|last2 = Nguyen|editor-first = Dong Hoon|editor-last = Lee|editor-first2 = Xiaoyun|editor-last2 = Wang}}</ref> According to the BKZ 2.0 algorithm the key exchange parameters listed above will provide greater than 128 or 256 bits of security, respectively.
==Implementations==
Douglas Stebila made [http://www.douglas.stebila.ca/research/papers/bcns15 a patch] for OpenSSL 1.0.1f.
== Other approaches ==
| |||