A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
SIAM Journal on Computing
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Reaction Attacks against several Public-Key Cryptosystems
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
A Chosen-Ciphertext Attack against NTRU
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Secure Integration of Asymmetric and Symmetric Encryption Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Key Recovery and Message Attacks on NTRU-Composite
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Chosen-Ciphertext Security for Any One-Way Cryptosystem
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Improving Lattice Based Cryptosystems Using the Hermite Normal Form
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Dimension Reduction Methods for Convolution Modular Lattices
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On the Bit Security of NTRUEncrypt
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
A wrap error attack against NTRUEncrypt
Discrete Applied Mathematics - Special issue: Coding and cryptography
Algebraic Cryptanalysis of CTRU Cryptosystem
COCOON '08 Proceedings of the 14th annual international conference on Computing and Combinatorics
Key recovery attacks on NTRU without ciphertext validation routine
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Multi-bit cryptosystems based on lattice problems
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Cryptanalysis of the public-key encryption based on braid groups
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Recovering NTRU secret key from inversion oracles
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
MaTRU: a new NTRU-Based cryptosystem
INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
An algebraic broadcast attack against NTRU
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
First-order collision attack on protected NTRU cryptosystem
Microprocessors & Microsystems
NTRU is an efficient patented public-key cryptosystem proposed in 1996 by Hoffstein, Pipher and Silverman. Although no devastating weakness of NTRU has been found, Jaulmes and Joux presented at Crypto '00 a simple chosen-ciphertext attack against NTRU as originally described. This led Hoffstein and Silverman to propose three encryption padding schemes, more or less based on previous work by Fujisaki and Okamoto on strengthening encryption schemes. It was claimed that these three padding schemes made NTRU secure against adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model. In this paper, we analyze and compare the three NTRU schemes obtained. It turns out that the first one is not even semantically secure (IND-CPA). The second and third ones can be proven IND-CCA2-secure in the random oracle model, under, however, rather unusual assumptions. They indeed require a partial-domain one-wayness of the NTRU one-way function, which is likely to be a stronger assumption than the one-wayness of the NTRU one-way function. We propose several modifications to achieve IND-CCA2-security in the random oracle model under the original NTRU inversion assumption.