This post is not about elliptic curve cryptography, but I think some readers will be interested in the issue. The topic is cryptosystems based on ideal lattices, and in particular the recent “Soliloquy” paper from GCHQ. Two recent blog posts are worth reading:
Dan Bernstein has written a blog post that fleshes-out some of the details. In the comments there is an extensive response by Chris Peikert and also some further discussion.
My impression is that the ideas used by GCHQ do not threaten NTRU or Ring-LWE. But it is certainly good to see these algorithmic ideas documented. One of the drawbacks of our publication model is that “failed ideas” do not get written up and shared. Instead, the ideas become known to experts and considered as “folklore”. It is of value to the global research community to disseminate ideas more widely.
— Steven Galbraith