Talk:SWIFFT

LLL algorithm not used
Introduction says the SWIFFT hash function uses the LLL basis reduction algorithm. This is false. I think the author meant to say something like "the security of the SWIFFT hash function, like many lattice-based cryptographic constructions, is oftentimes estimated from the computation time of the best lattice basis reduction algorithms such as LLL or BKZ."

Also the below comment "Not provably secure," the statement "scheme X is provably secure" has never meant "X is concretely secure without condition on scheme parameters." The article does not need to specify "there exists NP-hard problems that are thought to be concretely hard to solve such that, if these problems are, in fact, hard to solve, then the SWIFFT hash function is collision-resistant." Bggoode (talk) 17:20, 20 May 2021 (UTC)

Not provably secure
This article (similarly to some others) on a "provably secure" cryptographic hash function also relies on an incorrect understanding of NP-hardness: not all instances of NP-hard problems are difficult to solve, and many instances can be trivial to solve. So "provable security" based on NP-hardness only says that in some cases breaking the cryptographic hash function seems impracticaly. It certainly does not prove that it is impractical in all cases. The article should be fixed. — Preceding unsigned comment added by 130.233.97.85 (talk) 10:59, 19 August 2019 (UTC)