deletions | additions       diff --git a/section_Abstract_This_paper_explores__.tex b/section_Abstract_This_paper_explores__.tex  index 36f1917..8fb1c05 100644  --- a/section_Abstract_This_paper_explores__.tex  +++ b/section_Abstract_This_paper_explores__.tex 
...
When we select a private key for NTRUEncrypt, we select two polynomials $F$ and $G$ with specific sets of coefficients; we also need to make sure that $F$ is invertible. Once we have that, we can compute the public polynomial $H = F^{-1}G$.  \section{Plaintext Recovery Attack}  When someone with the NTRUEncrypt public key does an public key encryption, it runs through this process: first, he examines the public key to get its security level $k$ (that is, for  the parameter set of the public key was designed to withstand attacks that use at most $O(2^k)$ operations). set.  He then selects a $k$-bit random value $b$, and encodes that value (along with the plaintext $m$ and part of the public key) to form a string; it then uses that string as a seed to a random number generator to select a polynomial $R$; he then encodes the plaintext (and $b$) as a polynomial $M$, extracts the polynomial $H$ from the public key, and outputs the polynomial $HR+M$ as the ciphertext. Now, it is slightly more complicated than that; the polynomial $R$ is subject to tests to make sure that it has sufficiently high weight; if it does not, it is rejected (and a different random value for $b$ is selected). However, it turns out that does not matter for this attack.