Article

A Chosen-Ciphertext Attack against NTRU

Authors:

Éliane Jaulmes,

Antoine JouxAuthors Info & Claims

CRYPTO '00: Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology

Pages 20 - 35

Published: 20 August 2000 Publication History

Abstract

We present a chosen-ciphertext attack against the public key cryptosystem called NTRU. This cryptosystem is based on polynomial algebra. Its security comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. In this paper, we examine the effect of feeding special polynomials built from the public key to the decryption algorithm. We are then able to conduct a chosen-ciphertext attack that recovers the secret key from a few ciphertexts/cleartexts pairs with good probability. Finally, we show that the OAEP-like padding proposed for use with NTRU does not protect against this attack.

References

[1]

Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. Relations among notions of security for public-key encryption schemes. In Hugo Krawczyk, editor, Advances in Cryptology -- CRYPTO'98, volume 1462 of Lecture Notes in Computer Science, pages 26-45. Springer, 1998.

Crossref

Google Scholar

[2]

Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption. In A. de Santis, editor, Advances in Cryptology -- EUROCRYPT'94, volume 950 of Lecture Notes in Computer Science, pages 92-111. Springer-Verlag, 1994.

Google Scholar

[3]

D. Coppersmith and A. Shamir. Lattice attacks on NTRU. In Advances in Cryptology -- EUROCRYPT'97, volume 1233 of Lecture Notes in Computer Science, pages 52-61, 1997.

Crossref

Google Scholar

[4]

Eiichiro Fujisaki and Tatsuaki Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Michael Wiener, editor, Advances in Cryptology -- CRYPTO'99, volume 1666 of Lecture Notes in Computer Science, pages 537- 554. Springer-Verlag, 1999.

Crossref

Google Scholar

[5]

H. Gilbert, D. Gupta, A.M. Odlyzko, and J.-J. Quisquater. Attacks on shamir's 'rsa for paranoids'. Information Processing Letters, 68:197-199, 1998. http://www.research.att.com/~amo/doc/recent.html.

Crossref

Google Scholar

[6]

Chris Hall, Ian Goldberg, and Bruce Schneier. Reaction attacks against several public-key cryptosystems. In G. Goos, J. Hartmanis, and J; van Leeuwen, editors, ICICS'99, volume 1726 of Lecture Notes in Computer Science, pages 2-12. Springer-Verlag, 1999.

Crossref

Google Scholar

[7]

Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. NTRU: A ring based public key cryptosystem. In ANTS'3, volume 1423 of Lecture Notes in Computer Science, pages 267-288. Springer Verlag, 1998.

Crossref

Google Scholar

[8]

Jeffrey Hoffstein and Joseph H. Silverman. Reaction attacks against the NTRU public key cryptosystem. Technical Report 15, NTRU Cryptosystems, August 1999.

Google Scholar

[9]

M. Joye and J.-J. Quisquater. On the importance of securing your bins: the garbage-man-in-the-middle attack. 4th ACM Conf. Computer Comm. Security, pages 135-141, 1997.

Crossref

Google Scholar

[10]

A.K. Lenstra, H.W. Lenstra, and L. Lovász. Factoring polynomials with polynomial coefficients. Math. Annalen, 261:515-534, 1982.

Google Scholar

[11]

Joseph H. Silverman. Plaintext awareness and the NTRU PKCS. Technical Report 7, NTRU Cryptosystems, July 1998.

Google Scholar

[12]

Joseph H. Silverman. Estimated breaking times for NTRU lattices. Technical Report 12, NTRU Cryptosystems, March 1999.

Google Scholar

Cited By

View all

D'Anvers JOrsini EVercauteren FEmura KWang Y(2021)Error Term Checking: Towards Chosen Ciphertext Security without Re-encryptionProceedings of the 8th ACM on ASIA Public-Key Cryptography Workshop10.1145/3457338.3458295(3-12)Online publication date: 24-May-2021
https://dl.acm.org/doi/10.1145/3457338.3458295
Wang AWang CZheng XTian WXu RZhang G(2017)Random key rotationComputers and Electrical Engineering10.1016/j.compeleceng.2017.05.00763:C(220-231)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1016/j.compeleceng.2017.05.007
Perlner RCooper D(2009)Quantum resistant public key cryptographyProceedings of the 8th Symposium on Identity and Trust on the Internet10.1145/1527017.1527028(85-93)Online publication date: 14-Apr-2009
https://dl.acm.org/doi/10.1145/1527017.1527028
Show More Cited By

Recommendations

Deniable encryptions secure against adaptive chosen ciphertext attack
ISPEC'12: Proceedings of the 8th international conference on Information Security Practice and Experience

The deniable encryption is a type of encryption which can hide the true message while revealing a fake one. Even if the sender or the receiver is coerced to show the plaintext and the used random numbers in encryption, a deniable encryption scheme ...
Indistinguishability against Chosen Ciphertext Verification Attack Revisited: The Complete Picture
ProvSec 2013: Proceedings of the 7th International Conference on Provable Security - Volume 8209

The knowledge that whether a purported ciphertext is valid or not may leak sufficient information to mount practical attacks on public key cryptosystem, e.g., Bleichenbacher's attack on RSA-PKCS#1, Hall-Goldberg-Schneier's "reaction attack" on both ...
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00: Proceedings of the 19th international conference on Theory and application of cryptographic techniques

The cryptosystem recently proposed by Cramer and Shoup [CS98] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assumption is true. Although this is a reasonable ...

Comments

Information & Contributors

Information

Published In

CRYPTO '00: Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology

August 2000

544 pages

ISBN:3540679073

Editor:
Mihir Bellare

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 20 August 2000

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

D'Anvers JOrsini EVercauteren FEmura KWang Y(2021)Error Term Checking: Towards Chosen Ciphertext Security without Re-encryptionProceedings of the 8th ACM on ASIA Public-Key Cryptography Workshop10.1145/3457338.3458295(3-12)Online publication date: 24-May-2021
https://dl.acm.org/doi/10.1145/3457338.3458295
Wang AWang CZheng XTian WXu RZhang G(2017)Random key rotationComputers and Electrical Engineering10.1016/j.compeleceng.2017.05.00763:C(220-231)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1016/j.compeleceng.2017.05.007
Perlner RCooper D(2009)Quantum resistant public key cryptographyProceedings of the 8th Symposium on Identity and Trust on the Internet10.1145/1527017.1527028(85-93)Online publication date: 14-Apr-2009
https://dl.acm.org/doi/10.1145/1527017.1527028
Mol PYung M(2008)Recovering NTRU secret key from inversion oraclesProceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography10.5555/1793774.1793777(18-36)Online publication date: 9-Mar-2008
https://dl.acm.org/doi/10.5555/1793774.1793777
Vats N(2008)Algebraic Cryptanalysis of CTRU CryptosystemProceedings of the 14th annual international conference on Computing and Combinatorics10.1007/978-3-540-69733-6_24(235-244)Online publication date: 27-Jun-2008
https://dl.acm.org/doi/10.1007/978-3-540-69733-6_24
Gama NNguyen P(2007)New chosen-ciphertext attacks on NTRUProceedings of the 10th international conference on Practice and theory in public-key cryptography10.5555/1760564.1760574(89-106)Online publication date: 16-Apr-2007
https://dl.acm.org/doi/10.5555/1760564.1760574
Coglianese MGoi B(2005)MaTRUProceedings of the 6th international conference on Cryptology in India10.1007/11596219_19(232-243)Online publication date: 10-Dec-2005
https://dl.acm.org/doi/10.1007/11596219_19
Han DHong JHan JKwon D(2003)Key recovery attacks on NTRU without ciphertext validation routineProceedings of the 8th Australasian conference on Information security and privacy10.5555/1760479.1760510(274-284)Online publication date: 9-Jul-2003
https://dl.acm.org/doi/10.5555/1760479.1760510

Abstract

References

Cited By

Recommendations

Deniable encryptions secure against adaptive chosen ciphertext attack

Indistinguishability against Chosen Ciphertext Verification Attack Revisited: The Complete Picture

Using hash functions as a hedge against chosen ciphertext attack

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations