Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Analysis and Improvements of NTRU Encryption Paddings
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
On the Bit Security of NTRUEncrypt
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Digitalized Signatures and Public-Key Functions as Intractable as Factorization
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
New chosen-ciphertext attacks on NTRU
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
A hybrid lattice-reduction and meet-in-the-middle attack against NTRU
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Trading one-wayness against chosen-ciphertext security in factoring-based encryption
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Zero-Knowledge Protocols for NTRU: Application to Identification and Proof of Plaintext Knowledge
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
An algebraic broadcast attack against NTRU
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
We consider the NTRU encryption scheme as recently proposed for practical use, and study the connection between inverting the NTRU primitive (i.e., the one-way function over the message and the blinding information that underlies the NTRU scheme) and recovering the NTRU secret key (universal breaking). We model the inverting algorithms as black-box oracles and take no advantage of the internal way in which the inversion works (in particular, it need not follow the standard decryption algorithm). This allows the secret key to be recovered directly from the output of several inversion queries, even in the absence of decryption failures. Our oracles may be queried on both valid and invalid challenges e; however, they are not required to reply (correctly) when their input is invalid. We show that key recovery can be reduced to inverting the NTRU function. The efficiency of the reduction depends heavily on the specific values of the parameters. As a side result, we relate collisions of the NTRU function to decryption failures, which gives a deeper insight into the NTRU primitive.