Wikipedia

Ring learning with errors signature: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Cryptocat (talk | contribs)
55 edits
Fixed Error in References
Added a link to parameter sets for RLWE
Line 40:
Following GLP and as noted above, the maximum degree of the polynomials will be n-1 and therefore have n coefficients.<ref name=":0" /> Typical values for n are 512, and 1024.<ref name=":0" /> The coefficients of these polynomials will be from the field F<sub>q</sub> where q is an odd prime congruent to 1 mod 4. For n =512 the authors of GLP set q to be a 22 bit prime and the corresponding b value to be 2<sup>14</sup>. For n=1024, GLP sets q to be a 23-bit prime and b to be 2<sup>15</sup>.<ref name=":0" /> The number of non-zero coefficients k produced by the hash function is equal to 32 for both cases.<ref name=":0" /> The security of the signature scheme is closely tied to the relative sizes of n, q, b, and k. Details on setting these parameters can be found in references 5 and 6 below.<ref name=":1" /><ref name=":0" />
 
As noted above, the polynomial Φ(x) which defines the ring of polynomials used will be x<sup>n</sup> + 1. Finally, a(x) will be a randomly chosen and fixed polynomial with coefficients from the set { -(q-1)/2 to (q-1)/2 }. All signers and verifiers of signatures will know n, q, b, k, Φ(x), a(x) and '''β''' = b-k.
 
== Public Key Generation ==
Line 86:
* Work by Bai and Galbraith on short signatures documented [https://eprint.iacr.org/2013/838 here].<ref>{{Cite web|title = Cryptology ePrint Archive: Report 2013/838|url = https://eprint.iacr.org/2013/838|website = eprint.iacr.org|access-date = 2016-01-17}}</ref>
* Work by Akleylek, Bindel, Buchmann, Kramer and Marson on security proofs for the signature with fewer security assumptions and documented [https://eprint.iacr.org/2015/755 here].<ref>{{Cite web|title = Cryptology ePrint Archive: Report 2015/755|url = https://eprint.iacr.org/2015/755|website = eprint.iacr.org|access-date = 2016-01-17}}</ref>
A listing of various parameter sets for Ring Learning with Errors Signatures is given at ringlwe.info ([http://www.ringlwe.info/parameters-for-rlwe.html click here])<ref>{{Cite web
Another approach to signatures based on Ring Learning with Errors is a variant of the patented NTRU family of lattice based cryptography. The primary example of this approach is a signature known as the Bimodal Lattice Signature Scheme (BLISS). It was developed by Ducas, Durmas, Lepoint and Lyubashevsky and documented in their paper "Lattice Signatures and Bimodal Gaussians."<ref>{{Cite web|title = Cryptology ePrint Archive: Report 2013/383|url = https://eprint.iacr.org/2013/383|website = eprint.iacr.org|access-date = 2016-01-17}}</ref>
| url = http://www.ringlwe.info/parameters-for-rlwe.html
| title = Parameters for RLWE
| website = Ring Learning with Errors
| access-date = 2016-02-28
}}</ref>
 
Another approach to signatures based on Ringlattices Learningover with ErrorsRings is a variant of the patented NTRU family of lattice based cryptography. The primary example of this approach is a signature known as the Bimodal Lattice Signature Scheme (BLISS). It was developed by Ducas, Durmas, Lepoint and Lyubashevsky and documented in their paper "Lattice Signatures and Bimodal Gaussians."<ref>{{Cite web|title = Cryptology ePrint Archive: Report 2013/383|url = https://eprint.iacr.org/2013/383|website = eprint.iacr.org|access-date = 2016-01-17}}</ref>
 
== References ==
Retrieved from "https://en.wikipedia.org/wiki/Ring_learning_with_errors_signature"