Ring learning with errors key exchange: Difference between revisions

The security of this key exchange is based on the underlying hardness of [[Ring Learning with Errors|Ring Learning With Errors]] problem that has been proven to be as hard as the worst case solution to the [[Shortest vector problem|Shortest Vector Problem]] (SVP) in an [[Ideal lattice cryptography|Ideal Lattice]].<ref name=":4" /><ref name=":0" /> The best method to gauge the practical security of a given set of lattice parameters is the BKZ 2.0 lattice reduction algorithm.<ref>{{Cite book|title = BKZ 2.0: Better Lattice Security Estimates|url = httphttps://link.springer.com/chapter/10.1007/978-3-642-25385-0_1|publisher = Springer Berlin Heidelberg|date = 2011|isbn = 978-3-642-25384-3|pages = 1–20|series = Lecture Notes in Computer Science|first = Yuanmi|last = Chen|first2 = Phong Q.|last2 = Nguyen|editor-first = Dong Hoon|editor-last = Lee|editor-first2 = Xiaoyun|editor-last2 = Wang}}</ref> According to the BKZ 2.0 algorithm the key exchange parameters listed above will provide greater than 128 or 256 bits of security, respectively.