|
|
|
|
|
|
|
|
|
|
  NTRU Cryptosystems Technical Reports provide in-depth analysis of certain issues in NTRU cryptography. Questions about these reports are welcomed at info@ntru.com. NTRU Report:
Note: These Technical Reports are undergoing a continual process of revision, and some reports refer to different parameter sets from the ones that we currently recommend. NTRU Report 004, Version 2. A Meet-In-The-Middle Attack on an NTRU Private Key. In this report we describe a meet-in-the-middle attack on an NTRU private key. Hence if the private key is chosen from a sample space with 2M elements, then the security level of the cryptosystem is 2M/2. Updated 2003/06 to reflect slight improvements in the running times, and to extend the analysis from binary keys to "product form" keys. Format: Postscript | PDF NTRU Report 005. Hard Problems and Backdoors for NTRU and Other PKCSs. A hard problem and the associated back door for the NTRU Public Key Cryptosystem is described and compared/contrasted with the hard problems and back doors associated to other common public key cryptosystems. Format: Postscript | PDF NTRU Report 006. Implementation Notes for NTRU PKCS Multiple Transmissions. Multiple NTRU encryptions of a single message using a single key may compromise the security of the message. In this report we analyze this situation and describe scrambling techniques that allow secure multiple transmissions of a single message. Much of the material in this report has been superseded by the paper NAEP: Provable Security in the Presence of Decryption Failures. Format: Postscript | PDF NTRU Report 007. Plaintext Awareness and the NTRU PKCS. This report has been superseded by the paper NAEP: Provable Security in the Presence of Decryption Failures. NTRU Report 008. Efficient Conversions from Mod q to Mod p. An efficient method for converting a list of numbers modulo q to a list of numbers modulo p is described. Format: Postscript | PDF NTRU Report 009. Invertibility in Truncated Polynomial Rings. Let Rq = (Z/qZ)[X]/(XN-1) be the ring of truncated polynomials modulo q. We compute the probability that a randomly chosen polynomial f in Rq is invertible in Rq, and also the conditional probability if f is required to satisfy f(1)=1. Format: Postscript | PDF NTRU Report 010. High-Speed Multiplication of (Truncated) Polynomials. Multiplication of two (truncated) polynomials of degree n takes on the order of n2 operations. By splitting the polynomials into two pieces, this may be reduced to approximately 0.75n2 operations, and repeated recursive application of this procedure leads to even greater savings. Format: Postscript | PDF NTRU Report 011. Wraps, Gaps, and Lattice Constants. This note describes how the choice of a parameter set (N,p,q,df,dg,dphi) for an NTRU Public Key Cryptosystem determine various operating characteristics of the cryptosystem, such as the security level and the probabilities of wrapping failure and of gap failure. Much of the analysis in this report is extended in Technical Report 18. Format: Postscript | PDF NTRU Report 012, Version 2. Estimated Breaking Times for NTRU Lattices. In this note we report on experiments with the lattices underlying the NTRU Public Key Cryptosystem. We present data for the time needed to find a small vector and use this data to extrapolate expected breaking times for the NTRU PKCS for recommended parameter values. We also extend the "zero forcing" analysis of May and Silverman to include a check that the lattice strength in the lower-dimension, zero-forced lattice can correctly be approximated by the same extrapolation line as the non-zero-forced lattice. Updated 2003/06 to reflect recommended new parameter sets, and to include the zero-forcing analysis. Format: Postscript | PDF NTRU Report 013. Dimension-Reduced Lattices, Zero-Forced Lattices, and the NTRU Public Key Cryptosystem. In this note we describe, extend, and analyze the lattice construction ideas of Alexander May as they apply to the NTRU public key cryptosystem. We use both theoretical and experimental methods to analyze the strength of the attacks. The final conclusion is that the new attacks only marginally affect the security levels of the standard commercial NTRU parameter sets (N=167, 263, and 503), but that the new lattices can be helpful for very low security levels (N=107). Format: Postscript | PDF NTRU Report 014. Almost Inverses and Fast NTRU Key Creation. We explain how to use the "Almost Inverse Algorithm" of Schroeppel, Orman, O'Malley, and Spatscheck to efficiently compute NTRU public/private key pairs. Format: Postscript | PDF NTRU Report 015. Reaction Attacks Against the NTRU Public Key Cryptosystem. This report has been superseded by the paper NAEP: Provable Security in the Presence of Decryption Failures. NTRU Report 016. Protecting NTRU Against Chosen Ciphertext and Reaction Attacks. This report has been superseded by the paper NAEP: Provable Security in the Presence of Decryption Failures. NTRU Report 018. Estimating Decryption Failure Probabilities for NTRUEncrypt. We describe a theoretical method for estimating the decryption failure probability for NTRUEncrypt. We apply this method to a suggested parameter set and compare it with experiment. Format: Postscript | PDF
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||
|
|
| Copyright © NTRU Cryptosystems, Inc. 1998-2008 35 Nagog Park, Acton, MA 01720, USA Tel. 978-844-5200 |
Created by PixelMEDIA |
|
|
