ntru cryptosystem recent developments
play

NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT - PowerPoint PPT Presentation

Oct 12, 2022 •517 likes •1.29k views

Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with

  1. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with Damien Stehl´ e, ENS Lyon, France) Johann Radon Institute (RICAM), Linz, Austria, December 2013 Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 1/40

  2. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Outline of the talk 1- Introduction Background: Why study NTRU? 2- NTRU Cryptosystem: Review 3- Recent Developments on NTRU Security NTRU variant provably as secure as worst-case lattice problems Tools: Discrete Gaussians, Fourier analysis, Ring-LWE 4- Recent Developments on NTRU Applications Fully-Homomorphic Encryption (FHE) from NTRU Cryptographic Multilinear Maps from NTRU 5- Concluding Remarks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 2/40

  3. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  4. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  5. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments The NTRU Cryptosystem NTRUEncrypt : A public-key encryption scheme. 1996: Proposed by Hoffstein, Pipher & Silverman. 1997: Lattice attacks by Coppersmith & Shamir. 1998: Revised by Hoffstein et al. In the last 15 years: Several minor improvements to the lattice attacks. Attacks for isolated sets of parameters. But the design has proved very robust. In the last 3 years (this talk): Variants with a provable security foundation Variants with new functionality Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 3/40

  6. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  7. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  8. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Why study NTRU Cryptosystem? Standardized: IEEE P1363. Commercialized: Security Innovation. Super-fast (comparison to 1024-bit RSA, based on an NTRU brochure) : Encryption ∼ 10 times faster Decryption ∼ 100 times faster Asymptotically: � O ( λ ) versus � O ( λ 6 ), for security 2 λ Interesting security features: No integer factoring nor discrete logs Seems to resist practical attacks Seems to resist quantum attacks Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 4/40

  9. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  10. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  11. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Take φ ∈ Z [ x ] monic of degree n . � � R φ := Z [ x ] / ( φ ) , + , × . Interesting φ ’s: φ = x n − 1 → R − , φ = x n + 1 → R + . For n a power of 2, the ring R + is isomorphic to the ring of integers of K = Q [e i π/ n ]: Q [ x ] / ( x n + 1) K ≃ Z [ x ] / ( x n + 1) . O K ≃ ⇒ Rich algebraic structure (great for design and proofs). Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 5/40

  12. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  13. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  14. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments Polynomial Rings Let q ≥ 2 and Z q = Z / q Z . � � R φ := Z q [ x ] / ( φ ) , + , × . q Arithmetic in R φ q costs � O ( n log q ). R + q is isomorphic to O K / ( q ). The key to decryption correctness If f ∈ R φ is known to have coefficients in ( − q / 2 , q / 2), then f mod q uniquely determines f . Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 6/40

  15. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Key Generation Parameters: n prime, q ≈ n a power of 2, p small, φ = x n − 1. (e.g. ( n , q , p ) = (503 , 256 , 3)) . Secret key sk : f , g ∈ R − sampled indep. from distrib. χ σ with: f is invertible mod q and mod p The coeffs of f and g are small Supp ( χ σ ) = {− 1 , 0 , 1 } n . Public key pk : h = g / f mod q . Security intuition q , finding g , f ∈ R − small s.t. h = g / f [ q ] is hard. Given h ∈ R − Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 7/40

  16. Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Key Generation Parameters: n prime, q ≈ n a power of 2, p small, φ = x n − 1. (e.g. ( n , q , p ) = (503 , 256 , 3)) . Secret key sk : f , g ∈ R − sampled indep. from distrib. χ σ with: f is invertible mod q and mod p The coeffs of f and g are small Supp ( χ σ ) = {− 1 , 0 , 1 } n . Public key pk : h = g / f mod q . Security intuition q , finding g , f ∈ R − small s.t. h = g / f [ q ] is hard. Given h ∈ R − Ron Steinfeld NTRU Cryptosystem: Recent Developments Dec 2013 7/40

Recommend

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments Stuart McGregor & Bruce Appleton Noise & Vibration Specialists p Health & Safety Executive What we are going to talk about What we are

415 views • 28 slides
Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments Mathew Joseph Senior Consultant, ICRIER India-Taiwan Relations ICRIER-CIER Joint Feasibility Study New Delhi 1 7 January 2011 1 Structure 1. An

505 views • 18 slides
Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

REPUBLIC OF INDONESIA Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by Investors Relations Unit Republic Indonesia Address Bank Indonesia International Directorate / Division of Foreign Debt Analysis

1.65k views • 115 slides
The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael

The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael

The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael OKeeffe The College of New Jersey Mathematics Department April 18, 2008 A BSTRACT So long as there are secrets, there is a need for encryption

357 views • 16 slides
Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments Announcement on definition Fuel Poverty Changing the Framework for Measurement: Government response Steps to amend the fuel poverty target

183 views • 15 slides
FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22 December 2018 CTC - Intensive study course on FEMA Mumbai 1 Conten Co ents Overview of FEMA Inbound Investment Recent Developments FEMA 20

593 views • 35 slides
Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk @CBrownMatrix Overview The reform agenda Recent CJEU developments Recent domestic litigation The reform agenda December 2011: Commission

240 views • 11 slides
Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David Mirchin Head of Technology Transactions Group 2009 2 2010-2011 Bad luck 3 Topics 1. Context: Recent Developments 2. EU: Israel Adequately

534 views • 28 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Introduction SVAR GMs Application to SVAR Recent Developments Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications Alessio Moneta Max Planck Institute of Economics, Jena 10 December 2009

900 views • 60 slides
Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor Infrastructure and Regulatory Policy WECC Market Interface Committee June 27, 2019 Overview Overview Recent developments at the CPUC

453 views • 8 slides
Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque Universit de Rennes 1, France EUROCRYPT 2017 05/01/17 1 Plan 1. Background on NTRU and Previous Attacks 2. A New Subring Attack 3.

697 views • 40 slides
Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to professors Toshi Futamase, Hideo Kodama and Misao Sasaki Matthias Bartelmann, Heidelberg University, Institute for Theoretical Astrophysics JGRG22,

614 views • 25 slides
Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T Punjabi April 15, 2019 Table of Contents Slide Nos. Sr. No. Particulars From To 1 Synopsis Recent Developments 6 7 2 Synopsis

745 views • 63 slides
Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/ Computer Science Laboratory SRI International Menlo Park, CA August 21, 2006 Sam Owre AFM06 tutorial: 1 Recent PVS

518 views • 28 slides
Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments Whats in the Budget? Recent tax cases Directors Loan Write -Off Scheme Section 415 ITTOIA 2005 taxed as dividend? Espirit

620 views • 36 slides
Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Home Ownership and Right to Buy - Recent Developments Seminar Matthew Saye Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts sales management Recent Developments Primary legislation limited

317 views • 12 slides
Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone

Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone

Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone Track Forecast M asayuki Nakagawa and colleagues at JM A Numerical Prediction Division Japan M eteorological Agency 1 RECENT DEVELOPM ENTS OF J

591 views • 45 slides
Naviga&ng New Terrain: Recent Developments in Human

Naviga&ng New Terrain: Recent Developments in Human

1/24/18 Naviga&ng New Terrain: Recent Developments in Human Subjects Research Regula&on Heather Pierce, AAMC Laura Odwazny, HHS OGC Kristen

530 views • 15 slides
Recent Developments in Grid C Computing & e-infrastructures in i & i f i India

Recent Developments in Grid C Computing & e-infrastructures in i & i f i India

Recent Developments in Grid C Computing & e-infrastructures in i & i f i India Presented jointly by Prof PS Dhekne BARC Prof P.S. Dhekne, BARC and Dipak Singh, ERNET India April 22, 2009 Recent developments in Grid Computing

671 views • 31 slides
The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about

The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about

The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about implementing a famous public key cryptosystem, RSA. Administrative Details: Posted by tomorrow. Due Friday March 7, at Noon. My office hours will be

610 views • 23 slides
Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut

Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut

Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut (HWWI) Structure 1. Overview commodity price index 2. Selection of commodities 3. Development of the commodity price index 4. Recent developments

374 views • 35 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
Seminar on Seminar on Recent Developments in Project Management Recent Developments in Project

Seminar on Seminar on Recent Developments in Project Management Recent Developments in Project

Seminar on Seminar on Recent Developments in Project Management Recent Developments in Project Management in Hong Kong in Hong Kong Some Recent Advances in Project Management Some Recent Advances in Project Management from a Public Sector

458 views • 31 slides

More recommend