Reduced Memory Meet-in-the-Middle Attack against the NTRU Private Key
نویسنده
چکیده
NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find ‘golden’ collisions to Odlyzko’s meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √ w increases the running time by a factor √ c.
منابع مشابه
The REESSE2+ Public-key Encryption Scheme
This paper gives the definitions of an anomalous super -increasing sequence and an anomalous subset sum separately, proves the two properties of an anomalous super-increasing sequence, and proposes the REESSE2+ public-key encryption scheme which includes the three algorithms for key generation, encryption and decryption. The paper discusses the necessity and sufficiency of the lever function fo...
متن کاملA Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU
To date the NTRUEncrypt security parameters have been based on the existence of two types of attack: a meet-in-the-middle attack due to Odlyzko, and a conservative extrapolation of the running times of the best (known) lattice reduction schemes to recover the private key. We show that there is in fact a continuum of more efficient attacks between these two attacks. We show that by combining lat...
متن کاملNtru: a Public Key Cryptosystem
0. Introduction 1. Description of NTRU 1.1. Notation 1.2. Key Creation 1.3. Encryption 1.4. Decryption 1.5. Why Decryption Works 1.6. Parameter choices notation and a norm estimate 1.7. Sample spaces 1.8. A Decryption Criterion 2. Attributes and Advantages of NTRU 2.1. Theoretical Operating Speci cations 2.2. Comparison With Other PKCS's 3. Security Considerations 3.1. Security Analysis 3.2. Br...
متن کاملImperfect Decryption and an Attack on the NTRU Encryption Scheme
A property of the NTRU public-key cryptosystem is that it does not provide perfect decryption. That is, given an instance of the cryptosystem, there exist ciphertexts which can be validly created using the public key but which can’t be decrypted using the private key. The valid ciphertexts which an NTRU secret key will not correctly decipher determine, up to a cyclic shift, the secret key. In t...
متن کاملCryptanalysis of Xinyu et al.'s NTRU-Lattice Based Key Exchange Protocol
Xinyu et al. proposed a public key exchange protocol, which is based on the NTRU-lattice based cryptography. In this paper, we show how Xinyu et al.’s NTRU-KE: A lattice based key exchange protocol can be broken, under the assumption that a man-in-the middle attack is used for extracting private keys of users who participate in the key exchange protocol.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016