Abstract
We present new and efficient key-recovery chosen-ciphertext attacks on NTRUencrypt. Our attacks are somewhat intermediate between chosen-ciphertext attacks on NTRUencrypt previously published at CRYPTO ’00 and CRYPTO ’03. Namely, the attacks only work in the presence of decryption failures; we only submit valid ciphertexts to the decryption oracle, where the plaintexts are chosen uniformly at random; and the number of oracle queries is small. Interestingly, our attacks can also be interpreted from a provable security point of view: in practice, if one had access to a NTRUencrypt decryption oracle such that the parameter set allows decryption failures, then one could recover the secret key. For instance, for the initial NTRU-1998 parameter sets, the output of the decryption oracle on a single decryption failure is enough to recover the secret key.
References
Consortium for Efficient Embedded Security: Efficient embedded security standards #1: Implementation aspects of NTRU and NSS (2001)
Consortium for Efficient Embedded Security: Efficient embedded security standards #1: Implementation aspects of NTRUEncrypt and NTRUSign (2002)
Gentry, C.: Key recovery and message attacks on NTRU-composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, Springer, Heidelberg (2001)
Gentry, C., Jonsson, J., Stern, J., Szydlo, M.: Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt 2001. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, Springer, Heidelberg (2001)
Gentry, C., Szydlo, M.: Cryptanalysis of the revised NTRU signature scheme. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, Springer, Heidelberg (2002)
Han, D., Hong, J., Han, J.W., Kwon, D.: Key recovery attacks on NTRU without ciphertext validation routine. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 274–284. Springer, Heidelberg (2003)
Hoffstein, J., Howgrave-Graham, N.A., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSIGN. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, Springer, Heidelberg (2003)
Hoffstein, J., Pipher, J., Silverman, J.: NTRU: a ring based public key cryptosystem (First presented at the rump session of Crypto ’96). In: Buhler, J.P. (ed.) Algorithmic Number Theory. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
Hoffstein, J., Silverman, J.H.: Optimizations for NTRU. In: Public-key Cryptography and Computational Number Theory, DeGruyter, Berlin (2000), available at http://www.ntru.com
Howgrave-Graham, N., Silverman, J.H., Whyte, W.: Choosing parameter sets for NTRUEncrypt with NAEP and SVES-3
Howgrave-Graham, N.A., Nguyen, P.Q., Pointcheval, D., Proos, J., Silverman, J.H., Singer, A., Whyte, W.: The impact of decryption failures on the security of NTRU encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 226–246. Springer, Heidelberg (2003)
IEEE. P1363.1 Public-Key Cryptographic Techniques Based on Hard Problems over Lattices. IEEE (June 2003), Available from http://grouper.ieee.org/groups/1363/lattPK/index.html
Jaulmes, E., Joux, A.: A chosen ciphertext attack on NTRU. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, Springer, Heidelberg (2000)
Nguyen, P.Q., Regev, O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 271–288. Springer, Heidelberg (2006)
Shoup, V.: Number Theory C++ Library (NTL) version 5.4. Available at http://www.shoup.net/ntl/
Silverman, J.H.: Invertibility in truncated polynomial rings. Technical report, NTRU Cryptosystems, Technical reports (2003), available at http://www.ntru.com
Silverman, J.H., Whyte, W.: Technical report n. 18, version 1: Estimating decryption failure probabilities for NTRUEncrypt. Technical report, NTRU Cryptosystems (2005)
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Gama, N., Nguyen, P.Q. (2007). New Chosen-Ciphertext Attacks on NTRU. In: Okamoto, T., Wang, X. (eds) Public Key Cryptography – PKC 2007. PKC 2007. Lecture Notes in Computer Science, vol 4450. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71677-8_7
DOI: https://doi.org/10.1007/978-3-540-71677-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71676-1
Online ISBN: 978-3-540-71677-8
eBook Packages: Computer Science; Computer Science (R0)