Revision as of 22:30, 6 September 2017 edit Rvip85 (talk \| contribs) 434 edits →The Key Exchange ← Previous edit		Revision as of 22:30, 6 September 2017 edit undo Rvip85 (talk \| contribs) 434 edits →Parameter choices Next edit →
Line 73: The RWLE-KEX exchange presented above worked in the Ring of Polynomials of degree n-1 or less mod a polynomial <nowiki><math>\Phi(x)</math></nowiki>. The presentation assumed that n was a power of 2 and that q was a prime which was congruent to 1 (mod 2n). Following the guidance given in Peikert's paper, Singh suggested two sets of parameters for the RLWE-KEX. For 128 bits of security, n = 512, q = 25601, and ~~<nowiki>~~<math>\Phi(x)</math~~></nowiki~~> = x<sup>512</sup> + 1 For 256 bits of security, n = 1024, q = 40961, and ~~<nowiki>~~<math>\Phi(x)</math~~></nowiki~~> = x<sup>1024</sup> + 1 Because the key exchange uses random sampling and fixed bounds there is a small probability that the key exchange will fail to produce the same key for the initiator and responder. If we assume that the Gaussian parameter σ is 8/sqrt(2π) and the uniform sampling bound (b) = 5 (see Singh),<ref name=":1" /> then the probability of key agreement failure is <u>less than</u> 2<sup>−71</sup> for the 128-bit secure parameters and <u>less than</u> 2<sup>−91</sup> for the 256-bit secure parameters.

Ring learning with errors key exchange: Difference between revisions