Difference between revisions of "SWIFFT"

     howpublished = {Cryptology ePrint Archive, Report 2008/493},

     howpublished = {Cryptology ePrint Archive, Report 2008/493},

     year = {2008},

     year = {2008},

     abstract = {The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks. They have the unique property, that asymptotically fi�nding collisions for a random compression function implies being able to solve the worst case of computationally hard lattice problems. We present two results. First, we show that the scheme works equally efficient, when the main security parameter n is the predecessor of a prime instead of a power of two. Then, we present parameter generation algorithms for both cases. Second, we give experimental evidence that fi�nding pseudo-collisions for SWIFFT, is as hard as breaking a 87-bit symmetric cipher according to Lenstra's predictions. We then suggest conservative parameters, corresponding to 100-bit security.},

     abstract = {The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks. They have the unique property, that asymptotically fi�nding collisions for a random compression function implies being able to solve the worst case of computationally hard lattice problems. We present two results. First, we show that the scheme works equally efficient, when the main security parameter n is the predecessor of a prime instead of a power of two. Then, we present parameter generation algorithms for both cases. Second, we give experimental evidence that fi�nding pseudo-collisions for SWIFFT, is as hard as breaking a 87-bit symmetric cipher according to Lenstra's predictions. We then suggest conservative parameters, corresponding to 100-bit security.},

}

}

</bibtex>

</bibtex>