Revision as of 13:06, 17 December 2020 edit Monkbot (talk \| contribs) Bots 3,695,952 edits m Task 18 (cosmetic): eval 18 templates: del empty params (10×); hyphenate params (5×); Tag: AWB ← Previous edit		Revision as of 08:54, 22 December 2020 edit undo Beland (talk \| contribs) Autopatrolled, Administrators 259,081 edits m MOS:RADICAL, convert special characters (via WP:JWB) Next edit →
Line 83: For 256 bits of security, ''n'' = 1024, ''q'' = 40961, and <math>\Phi(x) = x^{1024} + 1</math> Because the key exchange uses random sampling and fixed bounds there is a small probability that the key exchange will fail to produce the same key for the initiator and responder. If we assume that the Gaussian parameter ''σ'' is <math display=inline>\frac{8~~/√(2~~}{\sqrt{2\pi}})</math> and the uniform sampling bound (''b'') = 5 (see Singh),<ref name=":1" /> then the probability of key agreement failure is <u>less than</u> 2<sup>−71</sup> for the 128-bit secure parameters and <u>less than</u> 2<sup>−91</sup> for the 256-bit secure parameters. In their November 2015 paper, Alkim, Ducas, Pöppelmann, and Schwabe recommend the following parameters n = 1024, q =12289, and <math>\Phi(x)</math> = x<sup>1024</sup> + 1.<ref name=":3" /> This represents a 70% reduction in public key size over the n = 1024 parameters of Singh, and was submitted to NIST's [[Post-Quantum Cryptography Standardization]] project under the name [[NewHope]].

Ring learning with errors key exchange: Difference between revisions