deletions | additions       diff --git a/section_Abstract_This_paper_explores__.tex b/section_Abstract_This_paper_explores__.tex  index 8486dcc..7ac4444 100644  --- a/section_Abstract_This_paper_explores__.tex  +++ b/section_Abstract_This_paper_explores__.tex 
...
NTRU does appear to be immune to Shor's algorithm (which allows the attacker to quickly factor numbers and compute discrete logarithms). However, a Quantum Computer also allows an attacker to run Grover's algorithm\cite{Grover_1996}, which is able to find a $n$ bit solution to a problem in $2^{n/2}$ time. The question we would like to look at is 'how can Grover's algorithm be used to advantage in attacking NTRU?'  \section{NTRU Basics}  NTRU works in the ring of polynomials $Z[x]/x^N-1$, where $N$ is a prime. Computations in this ring are actually done modulo a prime power; NTRUEncrypt actually evaluates additions and multiplications modulo a prime power ($q$) and a small polynomial ($p$) during the course of its operation. However, all the operations that we'll examine are done modulo $q$ (where $q=2048$ is a typically choice), hence for the purposes of this paper, we can consider the ring to be $Z[x]/(x^N-1,q)$. In addition to the base NTRU operation, NTRUEncrypt uses a padding mechanism called \href{http://eprint.iarc.org/2003/172.pdf}{NAEP} NAEP\cite{Howgrave-Graham_2003}  to protect the underlying NTRU primitive from the attacker being able to deduce information from decryption failures. There are a number of parameter sets defined for NTRU; each parameter set includes the value of $N$ that are used during the NTRU operations, the values of $p$ and $q$, as well as the expected security level for this parameter set (that is, the value $k$ for which we expect any attack against this parameter set to take at least $O(2^k)$ operations.