Hi, at 3:50, why each of its entries is a 0 or 1 binary, then Alice's X is "unique"? at 4:05, why is x = (A^-1)*u actually a collision resistant hash function? the multiplication could not be done? why couldn't it be done?
at 6:27, is the task provided point b, we need to find the most suitable s which is a lattice point so that s is the most closest point of lattice to b? what is "a basis" here mean? why we here need "a basis"?
I'm glad it was helpful. Chris Peikert has several lectures on youtube that provide a more in depth analysis but that are still accessible without graduate level expertise.
is LWE problem based on Lattice? so that hardness of LWE problem is as hard as the problem of finding the suitable s in the lattice? so i could conclude that this cyptosystem's security is based on the hardness of LWE which is basically a field of the lattice cryptography ?
owe well my method involving multiple ways to convert 1 integer into 2 or more smaller integers in a reversible way geometrically shuffling isn't in NP space either it can only do symmetric encryption and hashing.
This may confuse some people at first. Here, we are talking about a lattice, which is kinda like a discrete module. Not to be confused with a lattice, which is an algebraic structure.
To transform a vector S of size m into a vector S' of size m - b where b is a positive integer, remove b gaussian sampled values from vector S. Alternatively for S' of size m + b, uniformly pad S with b entries of value 0 to obtain the desired dimensional match.
Hi, if b1.x = A.s.x + e1 .x, then how does it convert to b1.x = s.u + e1.x? we know that A.x = u, but does it mean we can reposition s at the beginning? won't it violate commutative property?
A bit late to answer, but it's actually s^T . A + e1^T, you have to account for transpose/row vector forms in those representation. You can see more of that here: th-cam.com/video/dbP2cgTsrRo/w-d-xo.html . Once you have that in the bag: (s^T.A + e1^T).x = s^T.A.x + e1^T.x = s^Tu + e1^T.x. Of note e2 is not a vector but a scalar -- see that the video creator did not put the bar on top of e2.
Downvoting... really bad narration. Reading from a script... but sounds as though he is like some junior high school student rushing through a passage that the teacher asked him to read in front of the class....
Thanks for taking the time to explain your decision. You are correct on almost all counts. But at the time of creation there was nothing particularly close to this video available as an introduction to the topic on YT, and it seems like several people have found it useful since then.
About time I find a video that "dumbs" down this topic into information my brain can actually digest.
DUDE, you just saved my whole physics assignment
Hi, at 3:50,
why each of its entries is a 0 or 1 binary, then Alice's X is "unique"?
at 4:05, why is x = (A^-1)*u actually a collision resistant hash function? the multiplication could not be done? why couldn't it be done?
at 5:01, why e
at 6:27, is the task provided point b, we need to find the most suitable s which is a lattice point so that s is the most closest point of lattice to b?
what is "a basis" here mean? why we here need "a basis"?
Thank you for simple yet great explanation..
I'm glad it was helpful. Chris Peikert has several lectures on youtube that provide a more in depth analysis but that are still accessible without graduate level expertise.
at 6:15, what the relation between this cryptosystem, LWE and lattice? Not even metion lattice here.
4:10 b2 is not a vector, is it?
3:58 probably you mean a pre-image resistant hash function?
Just what I was looking for. Thank You.
i realize it's quite off topic but does anybody know a good place to watch new tv shows online ?
@@salvadorronald4913 Netflix
is LWE problem based on Lattice? so that hardness of LWE problem is as hard as the problem of finding the suitable s in the lattice?
so i could conclude that this cyptosystem's security is based on the hardness of LWE which is basically a field of the lattice cryptography ?
owe well my method involving multiple ways to convert 1 integer into 2 or more smaller integers in a reversible way geometrically shuffling isn't in NP space either it can only do symmetric encryption and hashing.
This may confuse some people at first. Here, we are talking about a lattice, which is kinda like a discrete module. Not to be confused with a lattice, which is an algebraic structure.
I'm more even confused....
If A is a M*N matrix, then how come bob's secret vector S has M entries? wouldn't there be a dimension mismatch while calculating A*S?
To transform a vector S of size m into a vector S' of size m - b where b is a positive integer, remove b gaussian sampled values from vector S. Alternatively for S' of size m + b, uniformly pad S with b entries of value 0 to obtain the desired dimensional match.
Brilliant.
Lattices are *often* scaled over the integers, but it's definitely not true that the elements of the vectors themselves are.
You are absolutely right! I added this correction to the video description some time ago, but it's difficult to surface.
great video and well explained.
Hi, if b1.x = A.s.x + e1 .x, then how does it convert to b1.x = s.u + e1.x? we know that A.x = u, but does it mean we can reposition s at the beginning? won't it violate commutative property?
A bit late to answer, but it's actually s^T . A + e1^T, you have to account for transpose/row vector forms in those representation. You can see more of that here: th-cam.com/video/dbP2cgTsrRo/w-d-xo.html . Once you have that in the bag: (s^T.A + e1^T).x = s^T.A.x + e1^T.x = s^Tu + e1^T.x. Of note e2 is not a vector but a scalar -- see that the video creator did not put the bar on top of e2.
Yo I just completed algebra what is this lettuce cryptography you speak of?
Just dice the algebra, chop some bell pepper, and dress.
very cool video, thank you!
You never discuss the posets and how they relate to lattices. This video is great but it would have been nice for you to introduce that too.
thank you
It's Shor, not Shore
You are correct. There used to be an annotation in the video correcting the mistake, but TH-cam removed that functionality.
taking exponential time on a QTM is impossible because it already is too exponentially powerfull
Downvoting... really bad narration. Reading from a script... but sounds as though he is like some junior high school student rushing through a passage that the teacher asked him to read in front of the class....
Thanks for taking the time to explain your decision. You are correct on almost all counts. But at the time of creation there was nothing particularly close to this video available as an introduction to the topic on YT, and it seems like several people have found it useful since then.
Full of lies