Questions tagged [ntru]

NTRU is an encryption algorithm which is based on the shortest vector problem in a lattice. Unlike common encryption algorithms, it is not known to be breakable by quantum computers.

118 questions
13
votes
3 answers

Does NTRU decrypt correctly now?

The NTRU public-key cryptosystem has a lot of interesting properties (being resistant to quantum computer attacks, being standardized by several important bodies), but it also has a pretty unique property: The decryption algorithm does not always…
Jack Schmidt
  • 294
  • 1
  • 9
10
votes
2 answers

Which attacks are possible against raw/textbook NTRU encryption?

In the same fashion as these questions about attacks on textbook RSA and ECC, I was wondering what the immediate drawbacks are of applying NTRU Encryption directly, without any padding scheme, such as NAEP or SVES.
cygnusv
  • 5,072
  • 1
  • 23
  • 48
9
votes
3 answers

How can one sign with NTRU?

I am looking at implementing NTRU, but I noticed that while the encryption/decryption algorithm seems to be mature and well-documented, there is comparatively little information about how to sign using NTRU (and the proposed method apparently leaks…
Thomas
  • 7,568
  • 1
  • 32
  • 45
9
votes
2 answers

Is NTRU broken?

Today a new paper appeared on ePrint, "Improved Provable Reduction of NTRU and Hypercubic Lattices". It claims that: this is the first provable result showing that breaking NTRU lattices can be reduced to finding shortest lattice vectors in halved…
8
votes
3 answers

Lightweight Asymmetric encryption algorithm

I'm an embedded systems researcher, and new to the crypto field. Actually, I need to know if there are any lightweight asymmetric encryption algorithms, especially considering the time needed for key generation. I found that NTRU is considered one of…
a.refaat
  • 81
  • 1
  • 2
7
votes
1 answer

Secure, patent-free alternative to NTRU

I'm working on a P2P communications and chat framework, and am looking for a quantum-secure asymmetric key exchange algorithm which I can use to perform a key exchange of an AES-256 bit key. This is an open-source project which will be licensed…
bbosak
  • 961
  • 1
  • 6
  • 9
7
votes
2 answers

Multiple NTRU public keys for the same private key?

An NTRU public key is generated essentially by multiplying the inverse of a polynomial $f$ by a polynomial $g$. The polynomial $f$ is the private key; $g$ is discarded. My question is: Is it insecure to hand out multiple public keys for the same…
7
votes
1 answer

Why does NTRUEncrypt lack a formal security proof?

Is there any particular reason why NTRUEncrypt lacks a formal security proof? That is, a demonstration that it achieves a certain security notion (e.g. IND-CPA). I know there is a provably secure variant from Stehlé and Steinfeld, but my question is…
cygnusv
  • 5,072
  • 1
  • 23
  • 48
6
votes
1 answer

Implementations of Ntru TLS

Has anyone come across any implementations of NTRU TLS? I'm working on a project for uni that does quantum secure encryption. It relies on a mix of NTRU & AES, but I can't find an implementation of NTRU TLS anywhere. (CyaSSL claims to have one but it…
Saf
  • 205
  • 2
  • 7
6
votes
2 answers

Layered encryption in mixnets with post-quantum cryptography

I am trying to implement a mixnet using post-quantum public-key crypto. Each message may be encrypted by up to 10 levels of public keys, shuffled, before the layers of encryption are stripped off one by one. This is traditionally achievable in RSA,…
J. Doe
  • 93
  • 3
6
votes
1 answer

What is the most efficient attack on NTRU?

So, I got how finding the private key is equivalent to resolving the SVP. I also understood that the LLL algorithm can only be used in small dimensions. Now, I wonder what is the most efficient attack one could do? Does it have to be comprehensive…
dragonair
  • 61
  • 2
6
votes
1 answer

Where can I find NTRU test vectors?

In some research work in 2001, it is stated that test vectors were not publicly available at the time. Then in this ESSS1v2 standard under IEEE1363 here, Appendix B mentions that the test vectors will be added in future versions. I haven't…
Jaynjayn
  • 31
  • 2
6
votes
2 answers

NTRU crypto from unseen.is; myth busting help

I am always on the lookout for privacy enhancing technologies. I stumbled upon the service from unseen.is. I had a look at their site (specifically here) and even though I lack knowledge there are a few early warning signs: a former security…
user3244085
  • 171
  • 2
6
votes
1 answer

NTRU Cryptosystem: Why "rotated" coefficients of key f work the same as f

In the NTRU cryptosystem, we can use a randomly generated polynomial f that is invertible modulo p and q to encrypt and decrypt our plaintext. While studying this system, I attempted to brute-force the value of f given a fixed g and a known…
5
votes
1 answer

NTRUencrypt in NIST competition

Why did the NTRUencrypt team not maintain the NTRU1024 release in the NIST second-round competition? Is this because of the speed performance or security performance or other things?
user47167
  • 87
  • 2