计算多项式倒数的算法
我正在寻找一种算法(或代码)来帮助我计算多项式的逆,我需要它来实现 NTRUEncrypt。我更喜欢易于理解的算法,有伪代码可以做到这一点,但它们很混乱且难以实现,而且我无法仅从伪代码真正理解该过程。
用于计算关于截断多项式环的多项式的逆的任何算法?
I'm looking for an algorithm (or code) to help me compute the inverse a polynomial, I need it for implementing NTRUEncrypt. An algorithm that is easily understandable is what I prefer, there are pseudo-codes for doing this, but they are confusing and difficult to implement, furthermore I can not really understand the procedure from pseudo-code alone.
Any algorithms for computing the inverse of a polynomial with respect to a ring of truncated polynomials?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我在 Security Innovation 工作,该公司拥有 NTRU,所以我很高兴看到这种兴趣。
IEEE 标准 1363.1-2008 指定如何使用最新的参数集实施 NTRUEncrypt。它给出了以下规范来反转多项式:
除法:
输入是 a 和 b,两个多项式,其中 b 的次数为 N-1,b_N 是 b 的首项系数。输出为 q 和 r,使得 a = q*b + r 且 deg(r) <度(b)。 r_d表示r的d次系数,即r的首项系数。
这里,r_d是d次r的系数。
扩展欧几里德算法:
Z_p 的逆,pa prime:
Z_p^e 的逆 / (M(X), pa prime, M(X) 一个合适的多项式,例如 X^N-1
如果您正在完整实现 NTRU您应该看看是否可以让您的机构购买 1363.1,因为原始 NTRU 加密对于主动攻击者来说并不安全,并且 1363.1 描述了解决该问题的消息处理技术
(2013 年 4 月 18 日更新:感谢 Sonel Sharam 发现了一些问题。之前版本有错误)
I work for Security Innovation, which owns NTRU, so I'm glad to see this interest.
The IEEE standard 1363.1-2008 specifies how to implement NTRUEncrypt with the most current parameter sets. It gives the following specifications to invert polynomials:
Division:
Inputs are a and b, two polynomials, where b is of degree N-1 and b_N is the leading coefficient of b. Outputs are q and r such that a = q*b + r and deg(r) < deg(b). r_d denotes the coefficient of r of degree d, i.e. the leading coefficient of r.
Here, r_d is the coefficient of r of degree d.
Extended Euclidean Algorithm:
Inverse in Z_p, p a prime:
Inverse in Z_p^e / (M(X), p a prime, M(X) a suitable polynomial such as X^N-1
If you're doing a full implementation of NTRU you should see if you can get your institution to buy 1363.1, as raw NTRU encryption isn't secure against an active attacker and 1363.1 describes message processing techniques to fix that.
(Update 2013-04-18: Thanks to Sonel Sharam for spotting some errors in the previous version)