Towards post-quantum security for IoT endpoints with NTRU
Abstract
The NTRU cryptosystem is one of the main alternatives for practical implementations of post-quantum, public-key cryptography. In this work, we analyze the feasibility of employing the NTRU encryption scheme, NTRUEncrypt, in resource constrained devices such as those used for Internet-of-Things endpoints. We present an analysis of NTRUEncrypt's advantages over other cryptosystems for use in such devices. We describe four different NTRUEncrypt implementations on an ARM Cortex M0-based microcontroller, compare their results, and show that NTRUEncrypt is suitable for use in battery-operated devices. We present performance and memory footprint figures for different security parameters, as well as energy consumption in a resource constrained microcontroller to backup these claims. Furthermore, to the best of our knowledge, in this work we present the first time-independent implementation of NTRUEncrypt.
References
[1]
J. Buchmann, A. May, and U. Vollmer, "Perspectives for Cryptographic Long-term Security," Commun. ACM, vol. 49, no. 9, pp. 50--55, Sep. 2006.
[2]
P. W. Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer," SIAM J. Comput., vol. 26, no. 5, pp. 1484--1509, Oct. 1997.
[3]
NSA Information Assurance Directorate. (2015) Commercial national security algorithm suite. {Online}. Available: https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
[4]
L. Chen, S. Jordan, Y.-K. Liu, D. Moody, R. Peralta, R. Perlner, and D. Smith-Tone, "Report on Post-quantum Cryptography," National Institute of Standards and Technology Internal Report, vol. 8105, 2016. {Online}. Available
[5]
J. Hoffstein, J. Pipher, and J. H. Silverman, "NTRU: A ring-based public key cryptosystem," in ANTS, 1998, pp. 267--288.
[6]
J. Hoffstein and J. H. Silverman, "Random small Hamming weight products with applications to cryptography," Discrete Applied Mathematics, vol. 130, no. 1, pp. 37 -- 49, 2003, the 2000 Com2MaC Workshop on Cryptography.
[7]
D. V. Bailey, D. Coffin, A. Elbirt, J. H. Silverman, and A. D. Woodbury, "NTRU in Constrained Devices," in CHES, 2001, pp. 262--272.
[8]
O. Collen Marie, "Efficient NTRU implementation," Master's thesis, Worcester Polytechnic Institute, 2002. {Online}. Available: https://www.wpi.edu/Pubs/ETD/Available/etd-0430102-111906/unrestricted/corourke.pdf
[9]
M. Monteverde, "NTRU Software Implementation for Constrained Devices," Master's thesis, Katholieke Universiteit Leuven, 2008.
[10]
A. Boorghany, S. B. Sarmadi, and R. Jalili, "On Constrained Implementation of Lattice-Based Cryptographic Primitives and Schemes on Smart Cards," ACM Trans. Embed. Comput. Syst., vol. 14, no. 3, pp. 42:1--42:25, Apr. 2015.
[11]
M.-K. Lee, J. W. Kim, J. E. Song, and K. Park, "Sliding window method for NTRU," in ACNS, 2007, pp. 432--442.
[12]
M. Braithwaite. (2015) Experimenting with post-quantum cryptography. {Online}. Available: https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
[13]
W. Whyte, "EESS 1: Implementation Aspects of NTRUEncrypt, Version 3.1," Consortium for Efficient Embedded Security, Tech. Rep., September 2015. {Online}. Available: https://www.securityinnovation.com/products/ntru-crypto/ntru-resources#ntrustandards
[14]
V. Lyubashevsky, C. Peikert, and O. Regev, "On ideal lattices and learning with errors over rings," J. ACM, vol. 60, no. 6, p. 43, 2013.
[15]
C. Peikert, "Lattice cryptography for the internet," in PQCrypto, 2014, pp. 197--219.
[16]
C. Dwork, M. Naor, and O. Reingold, "Immunizing encryption schemes from decryption errors," in EUROCRYPT, 2004, pp. 342--360.
[17]
R. Lindner and C. Peikert, "Better key sizes (and attacks) for LWE-based encryption," in CT-RSA, 2011, pp. 319--339.
[18]
N. Göttert, T. Feller, M. Schneider, J. A. Buchmann, and S. A. Huss, "On the design of hardware building blocks for modern lattice-based encryption schemes," in CHES 2012, 2012, pp. 512--529.
[19]
A. Singer, "NTRU Cipher Suites for TLS," IETF, Internet-Draft draft-ietf-tls-ntru-00, Jul. 2001, work in Progress. {Online}. Available: https://tools.ietf.org/html/draft-ietf-tls-ntru-00
[20]
J. M. Schanck, W. Whyte, and Z. Zhang, "Quantum-Safe Hybrid (QSH) Ciphersuite for Transport Layer Security (TLS) version 1.3," IETF, Internet-Draft draft-whyte-qsh-tls13-02, Apr. 2016, work in Progress. {Online}. Available: https://tools.ietf.org/html/draft-whyte-qsh-tls13-02
[21]
J. M. Schanck, W. Whyte, and Z. Zhang, "A quantum-safe circuit-extension handshake for Tor," IACR ePrint, vol. 2015, p. 287, 2015, to appear in PETS'16.
[22]
N. Howgrave-Graham, J. H. Silverman, A. Singer, and W. Whyte, "NAEP: provable security in the presence of decryption failures," IACR ePrint, vol. 2003, p. 172, 2003.
[23]
B. Jun and P. Kocher, "The Intel Random Number Generator," Cryptography Research Inc. white paper, Tech. Rep., April 1999.
[24]
NIST Statistical Test Suite. {Online}. Available: http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
[25]
J. H. Silverman, "Almost inverses and fast NTRU key creation," NTRU Cryptosystems,(Technical Note# 014): http://www.ntru.com/cryptolab/pdf/NTRUTech014.pdf, 1999.
[26]
J. A. Buchmann, M. Döring, and R. Lindner, "Efficiency improvement for NTRU," IACR ePrint, vol. 2007, p. 263, 2007. {Online}. Available: http://eprint.iacr.org/2007/263
[27]
J. Hoffstein, J. Pipher, J. M. Schanck, J. H. Silverman, W. Whyte, and Z. Zhang, "Choosing parameters for NTRUEncrypt," IACR ePrint, vol. 2015, p. 708, 2015. {Online}. Available: http://eprint.iacr.org/2015/708
- Towards post-quantum security for IoT endpoints with NTRU
Recommendations
A Practical Post-Quantum Public-Key Cryptosystem Based on $$\textsf {spLWE}$$
ICISC 2016: Proceedings of the 19th International Conference on Information Security and Cryptology - Volume 10157The Learning with Errors $$\textsf {LWE}$$ problem has been widely used as a hardness assumption to construct public-key primitives. In this paper, we propose an efficient instantiation of a PKE scheme based on LWE with a sparse secret, named as $$\...
Towards Post-Quantum Security for Signal’s X3DH Handshake
Selected Areas in CryptographyAbstractModern key exchange protocols are usually based on the Diffie–Hellman (DH) primitive. The beauty of this primitive, among other things, is its potential reusage of key shares: DH shares can be either used a single time or in multiple runs. Since ...
Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-quantum Assumptions
Public-Key Cryptography – PKC 2024AbstractDual-receiver encryption (DRE) is a special form of public key encryption (PKE) that allows a sender to encrypt a message for two recipients. Without further properties, the difference between DRE and PKE is only syntactical. One such important ...
Comments
Information & Contributors
Information
Published In
March 2017
1814 pages
Publisher
European Design and Automation Association
Leuven, Belgium
Publication History
Published: 27 March 2017
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 327Total Downloads
- Downloads (Last 12 months)65
- Downloads (Last 6 weeks)7
Reflects downloads up to 06 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in