This repository has been archived by the owner. It is now read-only.

# investigate junk data for N=11, p=3, q=32 #2

Closed
opened this Issue May 29, 2014 · 4 comments

## Comments

Projects
None yet
1 participant
Owner

### hasufell commented May 29, 2014

 Some encrypted polynomials don't recover properly with the following setup. Could be related to poly_starmultiply(). ``````N = 11, p = 3, q = 32 f = -1 + x + x^2 - x^4 + x^6 + x^9 - x^10 g = -1 + x^2 + x^3 + x^5 - x^8 - x^10 random polynomial for encryption: -1 + x^2 + x^3 + x^4 - x^5 - x^7 polynomial to encrypt: 1 - x - x^2 + x^3 + x^4 - x^5 - x^6 + x^7 - x^8 - x^9 + x^10 encrypted polynomial: 16 + 10 * x + 25 * x^2 + 24 * x^3 + 16 * x^4 + 15 * x^5 + 29 * x^6 + 8 * x^7 + 25 * x^8 + 4 * x^9 + 19 * x^10 decrypted polynomial (malformed!): -x^2 - x^4 - x^5 - x^7 + x^8 - x^9 - x^10 ``````

Owner

### hasufell commented May 30, 2014

 This seems to only happen if the polynomial f for the private key is of degree N - 1. If it is less, then it does not happen.
Owner

### hasufell commented Jun 1, 2014

 The problem is the following: Random polynomials for encryption need to hold the following condition in order for the probability of unrecoverable messages to be less than e.g. `2^-80`: `q > (6 * d + 1) * p` where d is the amount of -1 and 1 in the random polynomial. This suggests that the wikipedia article needs a fix. Reference to the condition above is here: http://www.math.uni-hamburg.de/home/kuehn/moldenhauer-bsc-NTRUKryptosystem-final.pdf

Open

Owner

Owner

### hasufell commented Jun 4, 2014

 best we can do is to provide checks for the parameters

### hasufell closed this Jun 4, 2014

to subscribe to this conversation on GitHub. Already have an account? Sign in.