The cr.yp.to microblog: 2021.08.17 19:06:22

2021.08.17 19:06:22 (1427678201040367619) from Daniel J. Bernstein:

The proofs of "limits of Schnorr-like arguments over lattices" in https://eprint.iacr.org/2021/202 are very specific to the choice of prime-power cyclotomics. As a random example, for non-prime-power m=225, degree 120, the smallest norm in the mth cyclotomic is 1801.

2021.08.17 19:10:23 (1427679208709320707) from Daniel J. Bernstein:

Bigger examples: m=365, degree 288, smallest norm 6571; 415, 328, 11621. Of course the failure of the proof in these cases (i.e., most cases!) doesn't imply that there are better constructions. Also, perhaps more importantly, cyclotomics raise all sorts of security concerns.

2021.08.17 19:35:51 (1427685618981621766) from Daniel J. Bernstein:

Scientifically, it's puzzling that this paper doesn't cite https://math.leidenuniv.nl/~hwl/PUBLICATIONS/1977b/art.pdf, which considers very similar objects in formula (1.16), constructs exactly the same prime-power examples in (3.1), and includes many further constructions + proofs on this topic. @martinralbrecht

2021.08.17 19:55:47 (1427690634333155328) from Daniel J. Bernstein:

Followup papers include, e.g., https://link.springer.com/article/10.1007%2Fs00013-006-1019-0, which describes two algorithms that, given a field, search for these sequences. One would expect that a 2021 paper on these sequences for cyclotomic fields would report what those algorithms print out for cyclotomic fields.