Revision as of 10:35, 4 December 2022 edit 2003:e7:4f0d:2d17:91a1:95f5:8db0:dcb0 (talk) →Introduction: the cryptosystem "new hope" is always capitalized. In fact it is often written as "NewHope" but in the context here, using a space seems more appropirate ← Previous edit		Revision as of 14:23, 28 December 2022 edit undo 91.221.58.205 (talk) Avoid plural "s" for math variable Tag: Visual edit: Switched Next edit →
Line 27: : <math> a(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{n-3} x^{n-3} + a_{n-2} x^{n-2} + a_{n-1} x^{n-1} </math> The coefficients <math>a_i</math> of this polynomial~~, the ''a''<sub>''i''</sub>s,~~ are integers mod ''q''. The polynomial <math>\Phi(x)</math> will be the [[cyclotomic polynomial]]. When ''n'' is a power of 2 then <math>\Phi(x) = x^n +1.</math><ref name=":1" /><ref>{{Cite web\|title = Cryptology ePrint Archive: Report 2015/1120\|url = https://eprint.iacr.org/2015/1120\|website = eprint.iacr.org\|access-date = 2015-12-23}}</ref> The RLWE-KEX uses polynomials which are considered "small" with respect to a measure called the "[[infinity norm]]." The infinity norm for a polynomial is simply the value of the largest coefficient of the polynomial when the coefficients are considered as integers in '''Z''' rather than <math>Zq</math> (i.e.from the set {−(''q'' − 1)/2,..., 0, ... (''q'' − 1)/2} ). The algorithm's security depends on an ability to generate random polynomials which are small with respect to the infinity norm. This is done simply by randomly generating the coefficients for a polynomial (s<sub>n-1</sub>, ..., s<sub>0</sub>) which are guaranteed or very likely to be small. There are two common ways to do this:

Ring learning with errors key exchange: Difference between revisions