Weak Property of Malleability in NTRUSign
Authors
Abstract
A new type of signature scheme, called NTRUSign, based on solving the approximate closest vector problem in an NTRU lattice, was proposed at CT-RSA’03. However, no security proof against chosen-message attacks has been given for this scheme. In this paper, we show that the NTRUSign signature scheme has the weakness of malleability. From this, one can derive new valid signatures from any previous message-signature pair, which means that NTRUSign is not secure against strong existential forgery. Finally, we propose a simple technique to avoid this flaw in the NTRUSign scheme.
Similar resources
Quantum Non-malleability and Authentication
In encryption, non-malleability is a highly desirable property: it ensures that adversaries cannot manipulate the plaintext by acting on the ciphertext. In [5], Ambainis et al. gave a definition of non-malleability for the encryption of quantum data. In this work, we show that this definition is too weak, as it allows adversaries to “inject” plaintexts of their choice into the ciphertext. We gi...
Weak Banach-Saks property in the space of compact operators
For suitable Banach spaces $X$ and $Y$ with Schauder decompositions and a suitable closed subspace $\mathcal{M}$ of some compact operator space from $X$ to $Y$, it is shown that the strong Banach-Saks-ness of all evaluation operators on $\mathcal{M}$ is a sufficient condition for the weak Banach-Saks property of $\mathcal{M}$, where for each $x\in X$ and $y^*\in Y^*$, the evaluation op...
A Note on the Security of NTRUSign
At Eurocrypt ’06, Nguyen and Regev presented a new key-recovery attack on the Goldreich-Goldwasser-Halevi (GGH) lattice-based signature scheme: when applied to NTRUSign-251 without perturbation, the attack recovers the secret key given only 90,000 signatures. At the rump session, Whyte speculated whether the number of required signatures might be significantly decreased to say 1,000, due to the ...
Performance Improvements and a Baseline Parameter Generation Algorithm for NTRUSign
The NTRUSign signature scheme was introduced in [8]. The original presentation gave a theoretical description of the scheme and an analysis of its security, along with several parameter choices which claimed to yield an 80 bit security level. The paper [8] did not give a general recipe for generating parameter sets to a specific level of security. In line with recent research on NTRUEncrypt [9]...
Alternatives to Non-Malleability: Definitions, Constructions and Applications
We explore whether non-malleability is necessary for the applications typically used to motivate it, and propose two alternatives. The first we call weak non-malleability (wnm) and show that it suffices to achieve secure contract bidding (the application for which non-malleability was initially introduced), despite being strictly weaker than non-malleability. The second we call ta...