NTRU Cryptosystem and Its Analysis

Similar documents
Implementation of Automatic Invertible Matrix Mechanism in NTRU Matrix Formulation Algorithm

Applications of Lattice Reduction in Cryptography

MaTRU: A New NTRU-Based Cryptosystem

Lattice Reduction of Modular, Convolution, and NTRU Lattices

MATH 158 FINAL EXAM 20 DECEMBER 2016

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

CPSC 467: Cryptography and Computer Security

Elliptic Curve Cryptography

Elliptic Curve Cryptography

CPSC 467b: Cryptography and Computer Security

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions. NTRUReEncrypt

Lattice Based Crypto: Answering Questions You Don't Understand

HOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY 1 / 51

Other Public-Key Cryptosystems

Double-Moduli Gaussian Encryption/Decryption with Primary Residues and Secret Controls

Chapter 8 Public-key Cryptography and Digital Signatures

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Chosen-Ciphertext Attacks on Optimized NTRU

Random Small Hamming Weight Products with Applications to Cryptography

Lattices, Cryptography, and NTRU. An introduction to lattice theory and the NTRU cryptosystem. Ahsan Z. Zahid

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Threshold Cryptography

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

8 Elliptic Curve Cryptography

Weaknesses in Ring-LWE

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

High-speed cryptography, part 3: more cryptosystems. Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

CRYPTOGRAPHY AND NUMBER THEORY

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Gurgen Khachatrian Martun Karapetyan

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Ti Secured communications

Mathematics of Public Key Cryptography

Ideal Lattices and NTRU

Cryptography: Joining the RSA Cryptosystem

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Lecture 1: Introduction to Public key cryptography

Other Public-Key Cryptosystems

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

HOMEWORK 11 MATH 4753

STRU: A Non Alternative and Multidimensional Public Key Cryptosystem

Cryptography. P. Danziger. Transmit...Bob...

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

An Algebraic Approach to NTRU (q = 2 n ) via Witt Vectors and Overdetermined Systems of Nonlinear Equations

Encryption: The RSA Public Key Cipher

A new security notion for asymmetric encryption Draft #10

A new security notion for asymmetric encryption Draft #8

Elliptic Curves and an Application in Cryptography

Public Key Cryptography

The Elliptic Curve in https

Theory of Computation Chapter 12: Cryptography

Arithmétique et Cryptographie Asymétrique

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Lecture 7: ElGamal and Discrete Logarithms

A Knapsack Cryptosystem Based on The Discrete Logarithm Problem

Week 7 An Application to Cryptography

Asymmetric Encryption

RSA. Ramki Thurimella

APPLICATION OF ELLIPTIC CURVES IN CRYPTOGRAPHY-A REVIEW

An Application of Discrete Algorithms in Asymmetric Cryptography

Attacks on RSA & Using Asymmetric Crypto

Algorithmic Number Theory and Public-key Cryptography

CPSC 467b: Cryptography and Computer Security

Polynomial Interpolation in the Elliptic Curve Cryptosystem

CPSC 467: Cryptography and Computer Security

A new security notion for asymmetric encryption Draft #12

Elliptic Curve Cryptosystems

Carmen s Core Concepts (Math 135)

On estimating the lattice security of NTRU

Joseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

An Overview of Homomorphic Encryption

Mathematics of Cryptography

CPSC 467b: Cryptography and Computer Security

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Juliet Nyokabi Gaithuru, Mazleena Salleh, Member, IAENG, and Majid Bakhtiari

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Lattice-Based Cryptography

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

arxiv: v3 [cs.it] 14 Nov 2012

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

A Comparative Study of RSA Based Digital Signature Algorithms

CRYPTOGRAPHY AND LARGE PRIMES *

Quantum-resistant cryptography

10 Modular Arithmetic and Cryptography

SEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY

International Electronic Journal of Pure and Applied Mathematics IEJPAM, Volume 9, No. 1 (2015)

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

CPSC 467b: Cryptography and Computer Security

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

MATHEMATICS EXTENDED ESSAY

Cryptography and Security Final Exam

Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS 15

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Transcription:

NTRU Cryptosystem and Its Analysis

Overview 1. Introduction to NTRU Cryptosystem 2. A Brief History 3. How the NTRU Cryptosystem works? Examples 4. Why the Decryption Works? 5. The Advantages of NTRU 6. Implementation and Comparative Analysis 7. Reference

NTRU keys and parameters N - the polynomials in the ring R have degree N-1. (Non-secret) q - the large modulus to which each coefficient is reduced. (Nonsecret) p - the small modulus to which each coefficient is reduced. (Nonsecret) f - a polynomial that is the private key. g - a polynomial that is used to generate the public key h from f (Secret but discarded after initial use) h - the public key, also a polynomial r - the random blinding polynomial (Secret but discarded after initial use) d - coefficient

1. What is NTRU Cryptosystem? NTRU Nth Degree Truncated Polynomial Ring Units (or R=Z[X]/(X^N-1)) NTRU is the first public key cryptosystem not based on factorization or discrete logarithmic problems. NTRU is a lattice-based alternative to RSA and ECC and is based on the shortest vector problem in a lattice.

2. A Brief History NTRU was founded in 1996 by 3 mathematicians: Jeffrey Hoffstein, Joseph H. Silverman, Jill Pipher Later (at the end of 1996), these 3 mathematicians + Daniel Lieman founded the NTRU Cryptosystems, Inc, Boston, USA. The mathematicians were considered on speeding up the process. In 2009, NTRU Cryptosystem has been approved for standardization by the Institute of Electrical and Electronics Engineers (IEEE) [Hoffstein J., Lieman D., Pipher J., Silverman J. NTRU: A Public Key Cryptosystem, NTRU Cryptosystems, Inc. (www.ntru.com).]

3. How the NTRU Cryptosystem works? Examples Operations are based on objects in a truncated polynomial ring R=Z[X]/(X^N-1), polynomial degree at most N-1: a0 + a1x + a2x^2 + + an 1x^(N 1)

Key Generation 1 st step. User B randomly chooses 2 small polynomials f and g in the R (the ring of truncated polynomials). Notes: - The values of these polynomials should kept in a secret. - A chosen polynomial must have an inverse

2 nd step. The inverse of f modulo q and the inverse of f modulo p will be computed Properties: f*fq^-1 = 1 (modulo q) and f*fp^-1 = 1 (modulo p) 3 rd step. Product of polynomials will be computed: h = p * ((Fq )*g)mod q. Private key of B: the pair of polynomials f and fp Public key of B: the polynomial h.

Example of a key generation Public parameters (N, p, q, d) = (7, 3, 41, 2). 1. Bob chooses: f (x) = x^6 x^4+x^3+x^2 1 -Private and g(x) = x^6+x^4 x^2 x. 2. Fq(x) = f (x)^ 1 (mod q) = 8x^6 + 26x^5 + 31x^4 + 21x^3 + 40x^2 + 2x + 37 (mod 41). Fp(x) = f (x)^ 1 (mod p) = x^6 + 2x^5 + x^3 + x^2 + x + 1 (mod 3) - Private key of Bob 3. h(x) = p * (Fq )*g(mod q) = 20x^6 + 40x^5 + 2x^4 + 38x^3 + 8x^2 + 26x + 30 (mod 41) - Public key

NTRU Encryption User A has a message to transmit: 1 st step. Puts the message in the form of polynomial m whose coefficients is chosen modulo p between -p/2 and p/2 (centered lift) 2 nd step. Randomly chooses another small polynomial r (to obscure the message). 3 rd step. Computes the encrypted message: e= r*h + m (modulo q)

Example of NTRU Encryption Alice decides to send Bob the message: m(x) = x5 + x3 + x2 x + 1 using the ephemeral key r(x) = x^6 x^5 + x 1. e= r*h + m (modulo q) e(x) 31x^6+19x^5+4x^4+2x^3+40x^2 +3x+25 (mod 41) (N, p, q, d) = (7, 3, 41, 2)

NTRU Decryption B receives a message e from A and would like to decrypt it. 1 st step. Using his private polynomial f he computes a polynomial a= f*e(mod q). B needs to choose coefficients of a that lie in an interval of length q. 2 nd step. He computes the polynomial b=a(mod p). B reduces each of the coefficients of a modulo p. 3 rd step. B uses the other private polynomial fp to compute c=fp*b(modulo p), which is the original message of A.

Example of NTRU Decryption 1. a= f*e(mod q) B computes a x^6 + 10x^5 + 33x^4 + 40x^3 + 40x^2 + x + 40 (mod 41). 2. B then centerlifts modulo q to obtain b = a(mod p) = x^6 + 10x^5 8x^4 x^3 x^2 + x 1 (mod 3). 3. B reduces a(x) modulo p and computes c = Fp(x)*b(x) 2x^5 + x^3 + x^2 + 2x + 1 (mod 3). Centerlifting modulo p retrieves A's plain text m(x) = x5 + x3 +x2 x + 1. (N, p, q, d) = (7, 3, 41, 2)

4. Why the Decryption Works? If the NTRU parameters (N, p, q, d public parameters) are chosen to satisfy q > (6d + 1) p this inequality ensures that decryption never fails. Example (N, p, q, d) = (7, 3, 41, 2). According to the example: 41 = q > (6d + 1)p = 39 According to the latest research the following parameters are considered secure [Wikipedia - the free encyclopedia NTRU Cryptosystems Inc. ]: Parameters N q p Moderate Security 167 128 3 Standard Security 251 128 3 High Security 347 128 3 Highest Security 503 256 3

5. The advantages of NTRU - more efficient encryption and decryption, in both hardware and software implementations; - much faster key generation allowing the use of disposable" keys (because keys are computationally cheap" to create). - low memory use allows it to use in applications such as mobile devices and Smart-cards.

6. Implementation and Comparative Analysis Performance of Encryption and Decryption timings of NTRU

Encryption Analysis DES, RSA, NTRU Performance analysis on encryption for DES, RSA and NTRU methods

Decryption Analysis DES, RSA, NTRU Performance analysis on decryption for DES, RSA and NTRU methods

Performance Analysis and Comparison of Symmetric and Asymmetric Key Cryptosystems Method DES RSA NTRU Approach Symmetric Asymmetric Asymmetric Encryption Faster Slow Fastest Decryption Fastest Slow Faster Key Distribution Difficult Easy Easy Complexity O(Log N) O(N^3) O(NLogN) Security Moderate Highest High

Conclusions According to a paper by Calla Parasitism and Jayapura Prada: - If an application is required with the highest decryption priority DES is more suitable - An asymmetric key cryptographic system provides high security in all ways. Encryption, decryption and complexity are high in NTRU - The RSA provides the highest security to the business application.

References 1. Hoffstein J., Lieman D., Pipher J., Silverman J. NTRU: A Public Key Cryptosystem, NTRU Cryptosystems, Inc. (www.ntru.com). 2. Parasitism C, Prada J. Evaluation of Performance Characteristics of Cryptosystem Using Text Files, Journal of Theoretical and Applied Information Technology, Jatit, 2008 3. Hoffstein J., Pipher J., Silverman J. An Introduction to Mathematical Cryptography, New York, 2008 http://www.springerlink.com/content/978-0-387-77993-5#section=229331&page=4&locus=51 4. Hoffstein J., Pipher J., Silverman J. NTRU A ring based public key cryptosystem 5. Wikipedia - the free encyclopedia NTRU Cryptosystems Inc.

Quiz 1. When and who founded the NTRU Cryptosystem? 2. What are the private keys of a user B? 3. Why r-key used in encryption? 4. What are the advantages of the NTRU cryptosystem and where it can be used? 5. What is the time complexity of the NTRU Cryptosystem?

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback