{ "comments" : [{"author": "Zooko Wilcox-O&#x27;Hearn", "email": "7fc91647150257a2900b063d1f317cab", "website": "https://LeastAuthority.com", "submitted": "2013-08-20 14:09:26", "comment": "<p>Wei Dai's Crypto++ library has had a defense against re-used k-values for many years.</p>"},{"author": "John Smith", "email": "558dea8e493c141740726a6df691cb0c", "website": "", "submitted": "2013-08-20 22:43:14", "comment": "<p>I would not be too hasty to recommend NTRU. Their signatures <a href=\"http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/\">keep getting broken</a>, and the underlying problem is not nearly as well understood as the mainstream algorithms.</p>"},{"author": "John Smith", "email": "558dea8e493c141740726a6df691cb0c", "website": "", "submitted": "2013-08-20 22:45:07", "comment": "<p>I would not be too hasty to recommend NTRU. Their signatures <a href=\"http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/\">keep getting broken</a>, and the underlying problem is not nearly as well understood as the mainstream algorithms.</p>"},{"author": "William Whyte", "email": "cb25bb18a9d76b42a579714cdb029c8f", "website": "http://www.securityinnovation.com", "submitted": "2013-11-25 11:54:06", "comment": "<p>Just wanted to let you know that Security Innovation (my employer, which owns the NTRU patents) has made them all available under GPL. We're looking at other open-source licenses that we might also use. Hopefully this will make it easier for people to experiment with NTRU.</p>\n<p>John Smith -- NTRUSign leaks information about the private key, but the PASSSign scheme (http://eprint.iacr.org/2013/757) doesn't. While it's fair to say that lattice reduction in ideal lattices hasn't been studied as closely as, e.g., integer factorization, it's a well-understood problem and used in a number of different cryptosystems, not just NTRU (e.g. Gentry's fully homomorphic encryption schemes).</p>"}] }