NTRU Prime: Reducing Attack Surface at Low Cost
نویسندگان
چکیده
Several ideal-lattice-based cryptosystems have been broken by recent attacks that exploit special structures of the rings used in those cryptosystems. The same structures are also used in the leading proposals for post-quantum lattice-based cryptography, including the classic NTRU cryptosystem and typical Ring-LWE-based cryptosystems. This paper (1) proposes NTRU Prime, which tweaks NTRU to use rings without these structures; (2) proposes Streamlined NTRU Prime, a public-key cryptosystem optimized from an implementation perspective, subject to the standard design goal of IND-CCA2 security; (3) finds high-security post-quantum parameters for Streamlined NTRU Prime; and (4) optimizes a constant-time implementation of those parameters. The resulting sizes and speeds show that reducing the attack surface has very low cost.
منابع مشابه
Revisiting the Hybrid Attack: Improved Analysis and Refined Security Estimates
Over the past decade, the hybrid lattice reduction and meetin-the middle attack (called the Hybrid Attack) has been used to evaluate the security of many lattice-based cryprocraphic schemes such as NTRU, NTRU prime, BLISS, and more. However, unfortunately none of the previous analyses of the Hybrid Attack is entirely satisfactory: they are based on simplifying assumptions that may distort the s...
متن کاملA Chosen-Ciphertext Attack against NTRU
We present a chosen-ciphertext attack against the public key cryptosystem called NTRU. This cryptosystem is based on polynomial algebra. Its security comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. In this paper, we examine the effect of feeding special polynomials built from the public key to the decryp...
متن کاملCryptanalysis of Middle Lattice on the Overstretched NTRU Problem for General Modulus Polynomial
The overstretched NTRU problem, which is the NTRU problem with super-polynomial size q in n, is one of the most important candidates for higher level cryptography. Unfortunately, Albrecht et al. in Crypto 2016 and Cheon et al. in ANTS 2016 proposed so-called subfield attacks which demonstrate that the overstretched NTRU problems with power-of-two cyclotomic modulus are not secure enough with gi...
متن کاملNTRU Prime
Several ideal-lattice-based cryptosystems have been broken by recent attacks that exploit special structures of the rings used in those cryptosystems. The same structures are also used in the leading proposals for post-quantum lattice-based cryptography, including the classic NTRU cryptosystem and typical Ring-LWE-based cryptosystems. This paper proposes NTRU Prime, which tweaks NTRU to use rin...
متن کاملRevisiting Lattice Attacks on Overstretched NTRU Parameters
In 2016, Albrecht, Bai and Ducas and independently Cheon, Jeong and Lee presented very similar attacks to break the NTRU cryptosystem with larger modulus than in the NTRUEncrypt standard. They allow to recover the secret key given the public key of Fully Homomorphic Encryption schemes based on NTRU ideas. Hopefully, these attacks do not endanger the security of the NTRUEncrypt, but shed new lig...
متن کامل