Sciweavers

Share
CRYPTO
2000
Springer

A Chosen-Ciphertext Attack against NTRU

11 years 4 months ago
A Chosen-Ciphertext Attack against NTRU
We present a chosen-ciphertext attack against the public key cryptosystem called NTRU. This cryptosystem is based on polynomial algebra. Its security comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. In this paper, we examine the effect of feeding special polynomials built from the public key to the decryption algorithm. We are then able to conduct a chosen-ciphertext attack that recovers the secret key from a few ciphertexts/cleartexts pairs with good probability. Finally, we show that the OAEP-like padding proposed for use with NTRU does not protect against this attack. 1 Overview In [7], Hoffstein, Pipher and Silverman have presented a public key cryptosystem based on polynomial algebra called NTRU. The security of NTRU comes from the interaction of the polynomial mixing system with the independence of reduction modulo p and q. In [7], the authors have studied different possible attacks on t...
Éliane Jaulmes, Antoine Joux
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2000
Where CRYPTO
Authors Éliane Jaulmes, Antoine Joux
Comments (0)
books