Talk:NTRUSign

minimum number of signatures
2 MarioS Here is quote from the original article "The minimal number of signatures to make the attack successful in our experiments was 90,000, in which case the required number of random descents to run was about 400.". Therefore 400 is not number of signatures, the 90000 is.

Ilya.kuzovkin (talk) 13:01, 19 June 2012 (UTC)


 * you quote from the section "Without exploiting the symmetries of NTRU lattices". in the section "Exploiting the symmetries of NTRU lattices" (on the same page), the authors write "as few as 400 signatures are enough in practice to recover the secret key, though the corresponding 100,400 parallelepiped samples are not independent. This means that the previous number of 90,000 signatures required by the attack can be roughly divided by N = 251." --MarioS (talk) 09:52, 20 June 2012 (UTC)


 * True, You are right. The version of the paper I have somehow does not have this section. Ilya.kuzovkin (talk) 10:43, 20 June 2012 (UTC)