ntru cryptosystem recent developments
play

NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT - PowerPoint PPT Presentation

Oct 12, 2022 •517 likes •1.29k views

Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with

  1. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with Damien Stehl´ e, ENS Lyon, France) Johann Radon Institute (RICAM), Linz, Austria, December 2013 Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 1/40

  2. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Outline of the talk 1- Introduction Background: Why study NTRU? 2- NTRU Cryptosystem: Review 3- Recent Developments on NTRU Security NTRU variant provably as secure as worst-case lattice problems Tools: Discrete Gaussians, Fourier analysis, Ring-LWE 4- Recent Developments on NTRU Applications Fully-Homomorphic Encryption (FHE) from NTRU Cryptographic Multilinear Maps from NTRU 5- Concluding Remarks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 2/40

  3. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  4. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  5. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  6. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  7. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  8. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  9. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  10. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  11. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  12. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  13. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  14. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  15. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Key Generation Parameters: n prime, q ≈ n a power of 2, p small, φ = x n − 1. (e.g. ( n , q , p ) = (503 , 256 , 3)) . Secret key sk : f , g ∈ R − sampled indep. from distrib. χ σ with: f is invertible mod q and mod p The coeffs of f and g are small Supp ( χ σ ) = {− 1 , 0 , 1 } n . Public key pk : h = g / f mod q . Security intuition q , finding g , f ∈ R − small s.t. h = g / f [ q ] is hard. Given h ∈ R − Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 7/40

  16. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Key Generation Parameters: n prime, q ≈ n a power of 2, p small, φ = x n − 1. (e.g. ( n , q , p ) = (503 , 256 , 3)) . Secret key sk : f , g ∈ R − sampled indep. from distrib. χ σ with: f is invertible mod q and mod p The coeffs of f and g are small Supp ( χ σ ) = {− 1 , 0 , 1 } n . Public key pk : h = g / f mod q . Security intuition q , finding g , f ∈ R − small s.t. h = g / f [ q ] is hard. Given h ∈ R − Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 7/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments Stuart McGregor & Bruce Appleton Noise & Vibration Specialists p Health & Safety Executive What we are going to talk about What we are

415 views • 28 slides
Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments Mathew Joseph Senior Consultant, ICRIER India-Taiwan Relations ICRIER-CIER Joint Feasibility Study New Delhi 1 7 January 2011 1 Structure 1. An

505 views • 18 slides
Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

REPUBLIC OF INDONESIA Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by Investors Relations Unit Republic Indonesia Address Bank Indonesia International Directorate / Division of Foreign Debt Analysis

1.65k views • 115 slides
The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael

The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael

The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael OKeeffe The College of New Jersey Mathematics Department April 18, 2008 A BSTRACT So long as there are secrets, there is a need for encryption

357 views • 16 slides
Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments Announcement on definition Fuel Poverty Changing the Framework for Measurement: Government response Steps to amend the fuel poverty target

183 views • 15 slides
FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22 December 2018 CTC - Intensive study course on FEMA Mumbai 1 Conten Co ents Overview of FEMA Inbound Investment Recent Developments FEMA 20

593 views • 35 slides
Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk @CBrownMatrix Overview The reform agenda Recent CJEU developments Recent domestic litigation The reform agenda December 2011: Commission

240 views • 11 slides
Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David Mirchin Head of Technology Transactions Group 2009 2 2010-2011 Bad luck 3 Topics 1. Context: Recent Developments 2. EU: Israel Adequately

534 views • 28 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Introduction SVAR GMs Application to SVAR Recent Developments Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications Alessio Moneta Max Planck Institute of Economics, Jena 10 December 2009

900 views • 60 slides
Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor Infrastructure and Regulatory Policy WECC Market Interface Committee June 27, 2019 Overview Overview Recent developments at the CPUC

453 views • 8 slides
Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque Universit de Rennes 1, France EUROCRYPT 2017 05/01/17 1 Plan 1. Background on NTRU and Previous Attacks 2. A New Subring Attack 3.

697 views • 40 slides
Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to professors Toshi Futamase, Hideo Kodama and Misao Sasaki Matthias Bartelmann, Heidelberg University, Institute for Theoretical Astrophysics JGRG22,

614 views • 25 slides
Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T Punjabi April 15, 2019 Table of Contents Slide Nos. Sr. No. Particulars From To 1 Synopsis Recent Developments 6 7 2 Synopsis

745 views • 63 slides
Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/ Computer Science Laboratory SRI International Menlo Park, CA August 21, 2006 Sam Owre AFM06 tutorial: 1 Recent PVS

518 views • 28 slides
Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments Whats in the Budget? Recent tax cases Directors Loan Write -Off Scheme Section 415 ITTOIA 2005 taxed as dividend? Espirit

620 views • 36 slides
Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges

Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges

Neural Entity Linking on Technical Service Tickets Nadja Kurz, Felix Hamann, Adrian Ulges felix.hamann@hs-rm.de 6/25/2020 Knowledge Management Documentation is scarce and heterogeneous Laser- diode Scanning Device Am Verleimteil

512 views • 12 slides
Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security

Inter-domain Role Mapping and Least Privilege Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 12th ACM Symposium on Access Control Models and Technologies IDRM and Least Privilege Introduction

458 views • 18 slides
Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and

Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and

Remarks on 2PI formalisms and the fRG Functional Renormalization from quantum gravity and dark energy to ultracold atoms and condensed matter Heidelberg, March 10, 2017 Based on work done in collaboration with J. Pawlowski and U. Reinosa A

585 views • 15 slides
Towards a Synchronous React ive UML Prof ile? Robert de Simone Charles Andr SVERTS

Towards a Synchronous React ive UML Prof ile? Robert de Simone Charles Andr SVERTS

Towards a Synchronous React ive UML Prof ile? Robert de Simone Charles Andr SVERTS San Francisco 2003 Charles ANDRE Synchronous hypot heses S/ R st ands f or Synchronous React ive Logical division of t ime int o inst ant

349 views • 16 slides
Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028

KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028

KAM Tori Are No More Than Sticky Rome, 58 February 2019 David Sauzin, CNRS IMCCE UMR 8028 Observatoire de Paris PSL Research University 1/13 Theorem (B.Fayad-D.S. 2018) 2/13 Theorem (B.Fayad-D.S. 2018) For any N 3, the

1.81k views • 111 slides
Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer April 9th, 2009 Mathieu Desnoyers, cole Polytechnique de Montral 1 > Plan Presenter Tracing

539 views • 25 slides
scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler

scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler

scheduling 2 FCFS, RR, priority, SRTF 1 last time xv6 scheduler design separate scheduler thread disable interrupts while changing thread states threads versus processes thread: part on processor core xv6: each process has exactly one

1.12k views • 65 slides

More recommend