International Workshop on Public Key Cryptography

PKC 2007: Public Key Cryptography – PKC 2007, pp. 89–106
New Chosen-Ciphertext Attacks on NTRU

  • Nicolas Gama (1)
  • Phong Q. Nguyen (2)
  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 4450)

Abstract

We present new and efficient key-recovery chosen-ciphertext attacks on NTRUencrypt. Our attacks are somewhat intermediate between chosen-ciphertext attacks on NTRUencrypt previously published at CRYPTO ’00 and CRYPTO ’03. Namely, the attacks only work in the presence of decryption failures; we only submit valid ciphertexts to the decryption oracle, where the plaintexts are chosen uniformly at random; and the number of oracle queries is small. Interestingly, our attacks can also be interpreted from a provable security point of view: in practice, if one had access to a NTRUencrypt decryption oracle such that the parameter set allows decryption failures, then one could recover the secret key. For instance, for the initial NTRU-1998 parameter sets, the output of the decryption oracle on a single decryption failure is enough to recover the secret key.

Keywords

  • Decryption Algorithm
  • Oracle Query
  • Decryption Oracle
  • Chosen Ciphertext Attack
  • Random Message



Author information

Authors and Affiliations

  1. École normale supérieure, DI, 45 rue d’Ulm, 75005 Paris, France

    Nicolas Gama

  2. CNRS/École normale supérieure, DI, 45 rue d’Ulm, 75005 Paris, France

    Phong Q. Nguyen


Editor information

Tatsuaki Okamoto Xiaoyun Wang


Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Gama, N., Nguyen, P.Q. (2007). New Chosen-Ciphertext Attacks on NTRU. In: Okamoto, T., Wang, X. (eds) Public Key Cryptography – PKC 2007. PKC 2007. Lecture Notes in Computer Science, vol 4450. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71677-8_7

DOI: https://doi.org/10.1007/978-3-540-71677-8_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71676-1

  • Online ISBN: 978-3-540-71677-8
