CRYPTO
2003
Springer

The Impact of Decryption Failures on the Security of NTRU Encryption

NTRUEncrypt is unusual among public-key cryptosystems in that, with standard parameters, validly generated ciphertexts can fail to decrypt. This affects the provable security properties of a cryptosystem, as it limits the ability to build a simulator in the random oracle model without knowledge of the private key. We demonstrate attacks which use decryption failures to recover the private key. Such attacks work for all standard parameter sets, and one of them applies to any padding. The appropriate countermeasure is to change the parameter sets and possibly the decryption process so that decryption failures are vanishingly unlikely, and to adopt a padding scheme that prevents an attacker from directly controlling any part of the input to the encryption primitive. We outline one such candidate padding scheme.
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CRYPTO
Authors Nick Howgrave-Graham, Phong Q. Nguyen, David Pointcheval, John Proos, Joseph H. Silverman, Ari Singer, William Whyte