Open aszepieniec opened 8 months ago
With a framework like proptest, if the behavior is observed, it will be deterministically reproducible and moreover reduced to a minimally complex instance that still fails.
The Falcon team, in consultation with NIST, has decided to modify the keygen algorithm; see #7. As a result of this modification, this issue may be solved.
For certain inputs the loop in babai_reduce in falcon.rs does not terminate. Unfortunately, it is difficult to trigger this behavior -- or I don't know how. Best I can do is catch the inputs when it happens, which is now done with a loop counter and a panic if the counter exceeds an arbitrary threshold.