Talk:SWIFFT

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
???	This article has not yet received a rating on the importance scale.
	This article is supported by WikiProject Computer science.

LLL algorithm not used[edit]

Introduction says the SWIFFT hash function uses the LLL basis reduction algorithm. This is false. I think the author meant to say something like "the security of the SWIFFT hash function, like many lattice-based cryptographic constructions, is oftentimes estimated from the computation time of the best lattice basis reduction algorithms such as LLL or BKZ."

Also the below comment "Not provably secure," the statement "scheme X is provably secure" has never meant "X is concretely secure without condition on scheme parameters." The article does not need to specify "there exists NP-hard problems that are thought to be concretely hard to solve such that, if these problems are, in fact, hard to solve, then the SWIFFT hash function is collision-resistant." Bggoode (talk) 17:20, 20 May 2021 (UTC)[reply]

Not provably secure[edit]

This article (similarly to some others) on a "provably secure" cryptographic hash function also relies on an incorrect understanding of NP-hardness: not all instances of NP-hard problems are difficult to solve, and many instances can be trivial to solve. So "provable security" based on NP-hardness only says that in some cases breaking the cryptographic hash function seems impracticaly. It certainly does not prove that it is impractical in all cases. The article should be fixed. — Preceding unsigned comment added by 130.233.97.85 (talk) 10:59, 19 August 2019 (UTC)[reply]