ITRU: NTRU-based cryptosystem using ring of integers

NTRU is a public key cryptosystem whose structure is based on the polynomial ring of integers. We present ITRU, an NTRU-like cryptosystem based on the ring of integers. We discuss the parameter selection procedure and provide an implementation of ITRU using an illustration. A comparison of the performance of ITRU and NTRU is provided which highlights the difference in parameter selection, invertibility and successful message decryption. We show that ITRU is an improvement of NTRU in that, it ensures successful message decryption upon implementation using the proposed parameter selection algorithm

Characterizing NTRU-Variants Using Group Ring and Evaluating their Lattice Security

The encryption scheme NTRU is designed over a quotient ring of a polynomial ring. Basically, if the ring is changed to any other ring, NTRU-like cryptosystem is constructible. In this paper, we propose a variant of NTRU using group ring, which is called GR-NTRU. GR-NTRU includes NTRU as a special case. Moreover, we analyze and compare the security of GR-NTRU for several concrete groups. It is easy to investigate the algebraic structure of group ring by using group representation theory. We apply this fact to the security analysis of GR-NTRU. We show that the original NTRU and multivariate NTRU are most secure among several GR-NTRUs which we investigated

A Non-commutative Cryptosystem Based on Quaternion Algebras

We propose BQTRU, a non-commutative NTRU-like cryptosystem over quaternion algebras. This cryptosystem uses bivariate polynomials as the underling ring. The multiplication operation in our cryptosystem can be performed with high speed using quaternions algebras over finite rings. As a consequence, the key generation and encryption process of our cryptosystem is faster than NTRU in comparable parameters. Typically using Strassen's method, the key generation and encryption process is approximately $16/7$ times faster than NTRU for an equivalent parameter set. Moreover, the BQTRU lattice has a hybrid structure that makes inefficient standard lattice attacks on the private key. This entails a higher computational complexity for attackers providing the opportunity of having smaller key sizes. Consequently, in this sense, BQTRU is more resistant than NTRU against known attacks at an equivalent parameter set. Moreover, message protection is feasible through larger polynomials and this allows us to obtain the same security level as other NTRU-like cryptosystems but using lower dimensions.Comment: Submitted for possible publicatio

Enhancement of Nth degree truncated polynomial ring for improving decryption failure

Nth Degree Truncated Polynomial (NTRU) is a public key cryptosystem constructed in a polynomial ring with integer coefficients that is based on three main key integer parameters N; p and q. However, decryption failure of validly created ciphertexts may occur, at which point the encrypted message is discarded and the sender re-encrypts the messages using different parameters. This may leak information about the private key of the recipient thereby making it vulnerable to attacks. Due to this, the study focused on reduction or elimination of decryption failure through several solutions. The study began with an experimental evaluation of NTRU parameters and existing selection criteria by uniform quartile random sampling without replacement in order to identify the most influential parameter(s) for decryption failure, and thus developed a predictive parameter selection model with the aid of machine learning. Subsequently, an improved NTRU modular inverse algorithm was developed following an exploratory evaluation of alternative modular inverse algorithms in terms of probability of invertibility, speed of inversion and computational complexity. Finally, several alternative algebraic ring structures were evaluated in terms of simplification of multiplication, modular inversion, one-way function properties and security analysis for NTRU variant formulation. The study showed that the private key f and large prime q were the most influential parameters in decryption failure. Firstly, an extended parameter selection criteria specifying that the private polynomial f should be selected such that f(1) = 1, number of 1 coefficients should be one more or one less than -1 coefficients, which doubles the range of invertible polynomials thereby doubling the presented key space. Furthermore, selecting q 2:5754 f(1)+83:9038 gave an appropriate size q with the least size required for successful message decryption, resulting in a 33.05% reduction of the public key size. Secondly, an improved modular inverse algorithm was developed using the least squares method of finding a generalized inverse applying homomorphism of ring R and an (N x N) circulant matrix with integer coefficients. This ensured inversion for selected polynomial f except for binary polynomial having all 1 coefficients. This resulted in an increase of 48% to 51% whereby the number of invertible polynomials enlarged the key space and consequently improved security. Finally, an NTRU variant based on the ring of integers, Integer TRUncated ring (ITRU) was developed to address the invertiblity problem of key generation which causes decryption failure. Based on this analysis, inversion is guaranteed, and less pre-computation is required. Besides, a lower key generation computational complexity of O(N2) compared to O(N2(log2p+log2q)) for NTRU as well as a public key size that is 38% to 53% smaller, and a message expansion factor that is 2 to15 times larger than that of NTRU enhanced message security were obtained

Modern Cryptography Volume 2

This open access book covers the most cutting-edge and hot research topics and fields of post-quantum cryptography. The main purpose of this book is to focus on the computational complexity theory of lattice ciphers, especially the reduction principle of Ajtai, in order to fill the gap that post-quantum ciphers focus on the implementation of encryption and decryption algorithms, but the theoretical proof is insufficient. In Chapter 3, Chapter 4 and Chapter 6, author introduces the theory and technology of LWE distribution, LWE cipher and homomorphic encryption in detail. When using random analysis tools, there is a problem of "ambiguity" in both definition and algorithm. The greatest feature of this book is to use probability distribution to carry out rigorous mathematical definition and mathematical demonstration for various unclear or imprecise expressions, so as to make it a rigorous theoretical system for classroom teaching and dissemination. Chapters 5 and 7 further expand and improve the theory of cyclic lattice, ideal lattice and generalized NTRU cryptography. This book is used as a professional book for graduate students majoring in mathematics and cryptography, as well as a reference book for scientific and technological personnel engaged in cryptography research

Modern Cryptography Volume 2

This open access book covers the most cutting-edge and hot research topics and fields of post-quantum cryptography. The main purpose of this book is to focus on the computational complexity theory of lattice ciphers, especially the reduction principle of Ajtai, in order to fill the gap that post-quantum ciphers focus on the implementation of encryption and decryption algorithms, but the theoretical proof is insufficient. In Chapter 3, Chapter 4 and Chapter 6, author introduces the theory and technology of LWE distribution, LWE cipher and homomorphic encryption in detail. When using random analysis tools, there is a problem of "ambiguity" in both definition and algorithm. The greatest feature of this book is to use probability distribution to carry out rigorous mathematical definition and mathematical demonstration for various unclear or imprecise expressions, so as to make it a rigorous theoretical system for classroom teaching and dissemination. Chapters 5 and 7 further expand and improve the theory of cyclic lattice, ideal lattice and generalized NTRU cryptography. This book is used as a professional book for graduate students majoring in mathematics and cryptography, as well as a reference book for scientific and technological personnel engaged in cryptography research

Identification of influential parameters for NTRU decryption failure and recommendation of extended parameter selection criteria for elimination of decryption failure

NTRU is the leading alternative to ECC and RSA in the post-quantum era. However, it has a probability of decryption failure of 2-k (with k being the security level) according to Philip S. Hirschhorn, Jeffrey Hoffstein, Nick Howgrave-Graham and William Whyte, 2009. This probability was provided for parameters selected using an algorithm which provides security against lattice reduction and MITM attacks, with particular emphasis on parameter size and coefficients of the private key. The recommendations for selection of polynomials in NTRU described by Hoffstein, Jeff Howgrave-Graham, Nick Pipher, Jill Whyte and William in 2010 prescribed that for polynomial f of binary form. In this paper, we re-evaluate the prescribed parameter selection criteria by rigorous testing of different polynomial combinations of f, g, m and φ as well as q for varied security levels. The testing experimentally verifies the influential parameters for NTRU operation whose results are used to propose an extended correlated parameter selection criteria for the private key, which ensures that a randomly selected polynomial f is invertible and that an accurate selection of the minimum size of q required for successful decryption is made

NTRU Fatigue: How stretched is overstretched?

Until recently lattice reduction attacks on NTRU lattices were thought to behave similar as on (ring-)LWE lattices with the same parameters. However several works (Albrecht-Bai-Ducas 2016, Kirchner-Fouque 2017) showed a significant gap for large moduli q, the so-called overstretched regime of NTRU. With the NTRU scheme being a finalist to the NIST PQC competition it is important to understand —both asymptotically and concretely— where the fatigue point lies exactly, i.e. at which q the overstretched regime begins. Unfortunately the analysis by Kirchner and Fouque is based on an impossibility argument, which only results in an asymptotic upper bound on the fatigue point. It also does not really explain how lattice reduction actually recovers secret-key information. We propose a new analysis that asymptotically improves on that of Kirchner an