Quantum Cryptanalysis of NTRU
نویسنده
چکیده
This paper explores some attacks that someone with a Quantum Computer may be able to perform against NTRUEncrypt, and in particular NTRUEncrypt as implemented by the publicly available library from Security Innovation. We show four attacks that an attacker with a Quantum Computer might be able to perform against encryption performed by this library. Two of these attacks recover the private key from the public key with less effort than expected; in one case taking advantage of how the published library is implemented, and the other, an academic attack that works against four of the parameter sets defined for NTRUEncrypt. In addition, we also show two attacks that are able to recover plaintext from the ciphertext and public key with less than expected effort. This has potential implications on the use of NTRU within TOR, as suggested by Whyte and Schanck[3]
منابع مشابه
Cryptanalysis of NTRU with two Public Keys
NTRU is a fast public key cryptosystem presented in 1996 by Hoffstein, Pipher and Silverman. It operates in the ring of truncated polynomials. In NTRU, a public key is a polynomial defined by the combination of two private polynomials. In this paper, we consider NTRU with two different public keys defined by different private keys. We present a lattice-based attack to recover the private keys a...
متن کاملQuantum Algorithms for Optimization and Polynomial Systems Solving over Finite Fields
In this paper, we give quantum algorithms for two fundamental computation problems: solving polynomial systems and optimization over finite fields. The quantum algorithms can solve these problems with any given probability and have complexities polynomial in the size of the input and the condition number of certain polynomial system related to the problem. So, we achieved exponential speedup fo...
متن کاملA Note on Cryptanalysis of the Preliminary Version of the NTRU Signature Scheme
In this paper a preliminary version of the NTRU signature scheme is cryptanalyzed. The attack exploits a correlation between some bits of a signature and coefficients of a secret random polynomial. The attack does not apply to the next version of the signature scheme.
متن کاملCryptanalysis of Middle Lattice on the Overstretched NTRU Problem for General Modulus Polynomial
The overstretched NTRU problem, which is the NTRU problem with super-polynomial size q in n, is one of the most important candidates for higher level cryptography. Unfortunately, Albrecht et al. in Crypto 2016 and Cheon et al. in ANTS 2016 proposed so-called subfield attacks which demonstrate that the overstretched NTRU problems with power-of-two cyclotomic modulus are not secure enough with gi...
متن کاملCryptanalysis of Xinyu et al.'s NTRU-Lattice Based Key Exchange Protocol
Xinyu et al. proposed a public key exchange protocol, which is based on the NTRU-lattice based cryptography. In this paper, we show how Xinyu et al.’s NTRU-KE: A lattice based key exchange protocol can be broken, under the assumption that a man-in-the middle attack is used for extracting private keys of users who participate in the key exchange protocol.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015