Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
نویسندگان
چکیده
We present the new NTRUEncrypt parameter generation algorithm, which is designed to be secure in light of recent attacks that combine lattice reduction and meet-in-the-middle (MITM) techniques. The parameters generated from our algorithm have been submitted to several standard bodies and are presented at the end of the paper.
منابع مشابه
Provably Secure NTRUEncrypt over More General Cyclotomic Rings
NTRUEncrypt is a fast and standardized lattice-based public key encryption scheme, but it lacks a solid security guarantee. In 2011, Stehlé and Steinfeld first proposed a provably secure variant of NTRUEncrypt, denoted by pNE, over power-of-2 cyclotomic rings. The IND-CPA security of pNE is based on the worst-case quantum hardness of classical problems over ideal lattices. Recently, Yu, Xu and ...
متن کاملA Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU
To date the NTRUEncrypt security parameters have been based on the existence of two types of attack: a meet-in-the-middle attack due to Odlyzko, and a conservative extrapolation of the running times of the best (known) lattice reduction schemes to recover the private key. We show that there is in fact a continuum of more efficient attacks between these two attacks. We show that by combining lat...
متن کاملEfficient provable-secure NTRUEncrypt over any cyclotomic field
NTRUEncrypt is a fast lattice-based cryptosystem and a probable alternative of the existing public key schemes. The existing provable-secure NTRUEncrypts are limited by the cyclotomic field it works on the prime-power cyclotomic field. This is worth worrying, due to the subfield attack methods proposed in 2016. Also, the module used in computation and security parameters rely heavily on the cho...
متن کاملRevisiting Lattice Attacks on Overstretched NTRU Parameters
In 2016, Albrecht, Bai and Ducas and independently Cheon, Jeong and Lee presented very similar attacks to break the NTRU cryptosystem with larger modulus than in the NTRUEncrypt standard. They allow to recover the secret key given the public key of Fully Homomorphic Encryption schemes based on NTRU ideas. Hopefully, these attacks do not endanger the security of the NTRUEncrypt, but shed new lig...
متن کاملNTRUEncrypt and Lattice Attacks
NTRUEncrypt is a relatively new cryptosystem, introduced in 1996. The best known attacks on the cryptosystem are due to lattice basis reduction. In this Master’s project we have implemented lattice attacks using dimension-reduced and zero-forced lattices. Furthermore, we have reduced a modified version of the zero-forced lattice. This “non-lossy” zero-forced lattice performed better than the or...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009