|
|
|
|
|
|
by vinnyvichy
794 days ago
|
|
|
EDIT: discussion of bug on stack exchange (pointed from Aaronson's blog (mentor of one of the guys who found the bug): https://crypto.stackexchange.com/questions/111385/polynomial... Not only that Yilei annotated with the bug his paper(p37): "Yilei (April 18) Here is the bug: the amplitude of |φ8.f ⟩ does not satisfy M/2
-periodicity. Another way of
explaining the bug is: the support of |φ8.f ⟩ contains p1...pκ vectors. After domain extension, we should
have got p1p2...pκ · p2...pκ vectors, but as the way |φ8.g⟩ is written, it only contains p1...pκ vectors. So
the expression of |φ8.g⟩ is wrong." https://eprint.iacr.org/2024/555.pdf |
|
|