Raw File
Tip revision: ab5e5e54fdb13d95faf6431650c5a370a2a693cd authored by Alessandro Barenghi on 01 October 2018, 08:17:24 UTC
Changed parameters according to the revised ones present in the official comment
Tip revision: ab5e5e5
Version 1.1.0 (tag v1.1.0)

* Changed the code parameters according to the ones computed for tight
security bounds with the tools provided in the

Version 1.0.2 (tag v1.0.2)

* Fixed decoding bug, unelicited by submission parameters.

* Fixed sparse multiplication bug, unelicited by submission parameters.

* Added forced zero filling for the memory area which subsequently holds 
  the data to be hashed whenever a decoding failure takes place.

Version 1.0.1 (tag v1.0.1)

* Added the secret key to the hash which generates the pseudorandom value
  for the encapsulated secret in case of decoding failure. This addresses 
  the official comment made by Keita Xagawa about the OW-CPA of the scheme.

* Added explicit count of the error vector weight. Decoding an error with
  a different weight from the expected one (t) always results in a decryption
  Prevents trivial reaction attacks which forge messages with a number of errors
  (slightly) higher than the specification.

* Workaround for an apparent mistranslation of the code in the Clang/LLVM compilation
  toolchain of macOS Sierra 16.6.0, pointed out by Jacob Alperin-Sheriff.

Version 1.0 (tag v1.0)

* Original submission to NIST
back to top