Abstract
We present a chosen-ciphertext attack against the public key cryptosystem called NTRU. This cryptosystem is based on polynomial algebra. Its security comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. In this paper, we examine the effect of feeding special polynomials built from the public key to the decryption algorithm. We are then able to conduct a chosen-ciphertext attack that recovers the secret key from a few ciphertext/cleartext pairs with good probability. Finally, we show that the OAEP-like padding proposed for use with NTRU does not protect against this attack.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Jaulmes, É., Joux, A. (2000). A Chosen-Ciphertext Attack against NTRU. In: Bellare, M. (eds) Advances in Cryptology — CRYPTO 2000. CRYPTO 2000. Lecture Notes in Computer Science, vol 1880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44598-6_2
DOI: https://doi.org/10.1007/3-540-44598-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67907-3
Online ISBN: 978-3-540-44598-2