Abstract
NTRU is an efficient patented public-key cryptosystem proposed in 1996 by Hoffstein, Pipher and Silverman. Although no devastating weakness of NTRU has been found, Jaulmes and Joux presented at Crypto '00 a simple chosen-ciphertext attack against NTRU as originally described. This led Hoffstein and Silverman to propose three encryption padding schemes, more or less based on previous work by Fujisaki and Okamoto on strengthening encryption schemes. It was claimed that these three padding schemes made NTRU secure against adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model. In this paper, we analyze and compare the three NTRU schemes obtained. It turns out that the first one is not even semantically secure (IND-CPA). The second and third ones can be proven IND-CCA2-secure in the random oracle model, but only under rather unusual assumptions: they require a partial-domain one-wayness of the NTRU one-way function, which is likely to be a stronger assumption than the one-wayness of the NTRU one-way function itself. We propose several modifications to achieve IND-CCA2 security in the random oracle model under the original NTRU inversion assumption.
References
M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among Notions of Security for Public-Key Encryption Schemes. In Proc. of Crypto'98, LNCS 1462, pages 26–45. Springer-Verlag, 1998.
M. Bellare and P. Rogaway. Optimal Asymmetric Encryption. In Proc. of Eurocrypt'94, LNCS 950, pages 92–111. Springer-Verlag, 1995.
D. Coppersmith and A. Shamir. Lattice Attacks on NTRU. In Proc. of Eurocrypt'97, LNCS 1233. Springer-Verlag, 1997.
D. Dolev, C. Dwork, and M. Naor. Non-Malleable Cryptography. SIAM Journal on Computing, 30(2):391–437, 2000.
Consortium for Efficient Embedded Security. Efficient Embedded Security Standards #1: Implementation Aspects of NTRU and NSS. Draft Version 3.0, available at http://www.ceesstandards.org, July 2001.
E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. In Proc. of Crypto'99, LNCS 1666, pages 537–554. Springer-Verlag, 1999.
E. Fujisaki and T. Okamoto. How to Enhance the Security of Public-Key Encryption at Minimum Cost. IEICE Trans. Fundamentals of Electronics, Communications and Computer Sciences, E83-A(1), 2000. Special issue on cryptography and information security.
E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is Secure under the RSA Assumption. In Proc. of Crypto'01, LNCS 2139, pages 260–274. Springer-Verlag, 2001.
C. Gentry. Key Recovery and Message Attacks on NTRU-Composite. In Proc. of Eurocrypt'01, LNCS 2045, pages 182–194. Springer-Verlag, 2001.
S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Sciences, 28:270–299, 1984.
C. Hall, I. Goldberg, and B. Schneier. Reaction Attacks against Several Public-Key Cryptosystems. In Proc. of ICICS'99, LNCS, pages 2–12. Springer-Verlag, 1999.
J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A Ring-Based Public Key Cryptosystem. In Proc. of ANTS III, LNCS 1423, pages 267–288. Springer-Verlag, 1998. First presented at the rump session of Crypto'96.
J. Hoffstein and J. H. Silverman. Invertibility in Truncated Polynomial Rings. Technical report, NTRU Cryptosystems, October 1998. Report #009, version 1, available at [4].
J. Hoffstein and J. H. Silverman. Optimizations for NTRU. In Public-Key Cryptography and Computational Number Theory. DeGruyter, 2000. To appear, available at [4].
J. Hoffstein and J. H. Silverman. Protecting NTRU against Chosen Ciphertext and Reaction Attacks. Technical report, NTRU Cryptosystems, June 2000. Report #016, version 1, available at [4].
J. Hoffstein and J. H. Silverman. Reaction Attacks against the NTRU Public Key Cryptosystem. Technical report, NTRU Cryptosystems, June 2000. Report #015, version 2, available at [4].
IEEE Standard 1363. Standard Specifications for Public Key Cryptography. IEEE. Available from http://www.grouper.ieee.org/groups/1363, August 2000.
E. Jaulmes and A. Joux. A Chosen Ciphertext Attack on NTRU. In Proc. of Crypto'00, LNCS 1880. Springer-Verlag, 2000.
A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring Polynomials with Rational Coefficients. Mathematische Ann., 261:513–534, 1982.
A. May and J. H. Silverman. Dimension Reduction Methods for Convolution Modular Lattices. In Proc. of CALC'01, LNCS 2146. Springer-Verlag, 2001.
D. Micciancio. Improving Lattice-Based Cryptosystems Using the Hermite Normal Form. In Proc. of CALC'01, LNCS 2146. Springer-Verlag, 2001.
M. Naor and M. Yung. Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In Proc. of the 22nd STOC, pages 427–437. ACM Press, 1990.
P. Q. Nguyen and J. Stern. The Two Faces of Lattices in Cryptology. In Proc. of CALC'01, LNCS 2146. Springer-Verlag, 2001.
T. Okamoto and D. Pointcheval. REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform. In Proc. of CT-RSA'01, LNCS 2020, pages 159–175. Springer-Verlag, 2001.
D. Pointcheval. Chosen-Ciphertext Security for Any One-Way Cryptosystem. In Proc. of PKC'00, LNCS 1751, pages 129–146. Springer-Verlag, 2000.
C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Proc. of Crypto'91, LNCS 576, pages 433–444. Springer-Verlag, 1992.
C. P. Schnorr. A Hierarchy of Polynomial Lattice Basis Reduction Algorithms. Theoretical Computer Science, 53:201–224, 1987.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Nguyen, P.Q., Pointcheval, D. (2002). Analysis and Improvements of NTRU Encryption Paddings. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_14
DOI: https://doi.org/10.1007/3-540-45708-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4