Re: Why hasn't NTRU gained more penetration?

On 2011-08-13, Fritz Wuehler <fritz@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"amzoti" <amzoti@xxxxxxxxx> wrote in message news:a0badb7c-228c-4abb-
991b-257dd96062d7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I was looking at a recent posting regarding updated NTRU code and
decided to look at the algorithm a bit closer.

I am not a big fan of the quantum ideologues claiming that quantum will end RSA and ECC, but was intrigued by the key size arguments.

Why has NTRU not made similar progress as ECC (that is a total guess on my side, but I just don't see the same market acceptance of NTRU)?

Is it a function of cost, complexity, patents or something else?


Patents and licensing costs is my guess. There are plenty of good,
secure and cost-free ciphers out there (both symmetric, asymmetric and
stream). In addition there isn't even 100% certainty that NTRU will be
secure from quantum algorithms. As far as we know it's safe AT THIS
MOMENT but once quantum computers arrive someone could develop a
quantum algorithm that makes solving NTRU trivial. Aside from that,
there aren't any quantum computers around and there's no telling how
long it will be before they become a reality and capable of breaking,
say, RSA or ECC. It could be 5 years, could be 50 years. It may prove
difficult to assemble 4096 entangled qbits. It may even be

Actually you will need a lot more than that. The algorithm itself
requires at least twice that many, plus error correction requires at
least 5-9 times as many for each level of error correction Thus one
would need something more than 1000000 qbits to break presently used
RSA.


theoretically impossible or infeasible to entangle more than a certain
number of qbits. We don't know yet.


.

Relevant Pages

  • Is there a survey on the wide range of algorithms derived from Shors
    ... One line description of what it does (Factoring large numbers, ... for Prime Factorization and Discrete Logarithms on a Quantum ... operations for the factoring algorithm. ...
    (sci.physics.research)
  • Re: The first great falacy of Chaitins Theory
    ... algorithmic information theory is very useful, particularly for experimental mathematics. ... Finding natural applications of novel mathematics is generally the goal of mathematical research, besides that of knowledge for its own sake. ... It's like the other day when there was some news that an experiment on a quantum system was supposed to show some consequence of there being an undecideable theory. ... Chaitin's constant purports to be the probability that a "random" algorithm halts. ...
    (sci.math)
  • Re: Why hasnt NTRU gained more penetration?
    ... I am not a big fan of the quantum ideologues claiming that quantum will end RSA and ECC, but was intrigued by the key size arguments. ... Why has NTRU not made similar progress as ECC? ...
    (sci.crypt)
  • Re: Why hasnt NTRU gained more penetration?
    ... I am not a big fan of the quantum ideologues claiming that quantum will end RSA and ECC, but was intrigued by the key size arguments. ... Why has NTRU not made similar progress as ECC? ... quantum algorithm that makes solving NTRU trivial. ...
    (sci.crypt)
  • Re: Church-Turing thesis and quantum computers
    ... Despite the recursive non-computability of Hilbert's tenth problem, ... outline and argue for a quantum algorithm that is based on the Quantum ... It is explained how this algorithm can solve ... the limited computability of a class of quantum computation based on ...
    (sci.math)