New paper released a week ago makes further improvements on New Hope, reducing decryption failure rates, ciphertext size and amount of entropy needed. This new version will be submitted as a NIST PQ competition candidate.
bancfc@openmailbox.org transcribed 0.6K bytes:
New paper released a week ago makes further improvements on New Hope, reducing decryption failure rates, ciphertext size and amount of entropy needed. This new version will be submitted as a NIST PQ competition candidate.
Hi!
Thanks for sharing this!
Point of clarification: rather than a new version of NewHope, it's a more efficient reconciliation method for R-LWE based KEX (and encryption schemes too, since the newer reconciliation makes the error rate low enough). The only connection to NewHope is that it uses the same parameter choices for the underlying polynomial ring.
But! This is exciting, not only because it has smaller message sizes and specifications for constant-time implementations (and decent reference code!), but because it appears to me¹ that this new method is not subject to the same patent claims as NewHope theoretically is.
¹ I am not a lawyer. (Fortunately.)
Best,
-
bancfc@openmailbox.org -
isis agora lovecruft