LOTUS-KEM

From PQC WIKI


LOTUS-KEM - round 1

Variant
Description Learning with errors
Assumption LWE
Functionality PKE
Public Key
(bytes)
L1 ; 658950, L3; 1025000, L5; 1471000
Secret Key
(bytes)
L1; 700420, L3; 1101000, L5; 1590800
CIPH/SIG
(bytes)
L1; 1144, L3; 1456, L5; 1768
Attacks - Comment It is shown that KEM LOTUS 128 fails to achieve CCA security. The claim is confirmed by the designers and the proposal is revised. It is claimed by the designers that previously proposed attack does not apply anymore.
Security Discussions IND-CCA2
Challenges
Notes
Updated [