Analysis and Improvements of NTRU Encryption Paddings
نویسندگان
چکیده
NTRU is an efficient patented public-key cryptosystem proposed in 1996 by Hoffstein, Pipher and Silverman. Although no devastating weakness of NTRU has been found, Jaulmes and Joux presented at Crypto ’00 a simple chosen-ciphertext attack against NTRU as originally described. This led Hoffstein and Silverman to propose three encryption padding schemes more or less based on previous work by Fujisaki and Okamoto on strengthening encryption schemes. It was claimed that these three padding schemes made NTRU secure against adaptive chosen-ciphertext attacks (INDCCA2) in the random oracle model. In this paper, we analyze and compare the three NTRU schemes obtained. It turns out that the first one is not even semantically secure (IND-CPA). The second and third ones can be proven IND-CCA2–secure in the random oracle model, under however rather unusual assumptions. They indeed require a partialdomain one-wayness of the NTRU one-way function which is likely to be a stronger assumption than the one-wayness of the NTRU one-way function. We propose several modifications to achieve IND-CCA2–security in the random oracle model under the original NTRU inversion assumption.
منابع مشابه
QTRU: quaternionic version of the NTRU public-key cryptosystems
In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...
متن کاملMaTRU: A New NTRU-Based Cryptosystem
In this paper, we propose a new variant of the NTRU public key cryptosystem − the MaTRU cryptosystem. MaTRU works under the same general principles as the NTRU cryptosystem, except that it operates in a different ring with a different linear transformation for encryption and decryption. In particular, it operates in the ring of k by k matrices of polynomials in R = Z[X]/(X−1), whereas NTRU oper...
متن کاملNTRU: A Ring-Based Public Key Cryptosystem
We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing syst...
متن کاملEfficiency Improvement for NTRU
The NTRU encryption scheme is an interesting alternative to well-established encryption schemes such as RSA, ElGamal, and ECIES. The security of NTRU relies on the hardness of computing short lattice vectors and thus is a promising candidate for being quantum computer resistant. There has been extensive research on efficient implementation of the NTRU encryption scheme. In this paper, we presen...
متن کاملCharacterizing NTRU-Variants Using Group Ring and Evaluating their Lattice Security
The encryption scheme NTRU is designed over a quotient ring of a polynomial ring. Basically, if the ring is changed to any other ring, NTRU-like cryptosystem is constructible. In this paper, we propose a variant of NTRU using group ring, which is called GRNTRU. GR-NTRU includes NTRU as a special case. Moreover, we analyze and compare the security of GR-NTRU for several concrete groups. It is ea...
متن کامل