Дослідження криптографічних атак на схеми електронного цифрового підпису в фактор-кільцях зрізаних поліномів

One of the main techniques obtaining authentication is using digital signatures. Research of posquantum digital signatures now acquired urgency because of the potential appearance of quantum computer. Lattice based cryptosystems have several advantages, among which are resistance to quantum cryptanalysis. Therefore, the question of security of lattice based signatures requires detailed analysis. A model of forgery attack using annihilating polynomials against NTRUSign with strengthened parameters and perturbations is proposed. Also we analyse the effectiveness of NTRUSign counterfeiting in practice. The experimental estimates of NTRUSign enhanced parameter settings to this type of threat are considered. The practical value of the obtained results is the experimental evidence that the effectiveness of attack is not significantly reduced by increasing the signature parameter.Одним из важных средств получения услуг аутентификации является электронная подпись. Исследование постквантовых электронных подписей в настоящее время приобретают актуальность из-за возможности возникновения квантового компьютера. Криптосистемы на решетках имеют ряд преимуществ, среди которых основной является устойчивость от квантового криптоанализа. Поэтому вопросы безопасности подписей на решетках требует детального анализа. Предложена модель атаки подделки подписи NTRUSign с помощью аннулирующих полиномов на схему с пертурбациями с усиленными параметрами. Анализируется эффективность подделки NTRUSign на практике. Обосновываются экспериментальные оценки защищенности усиленных параметров подписи NTRUSign от указанного типа угрозы. Практическая ценность полученных результатов заключается в экспериментальном доказательстве того, что эффективность атаки незначительно уменьшается от увеличения параметров подписи.Одним із важливих засобів отримання послуг аутентифікації є електронний підпис. Дослідження постквантових електронних підписів нині набувають актуальності через можливість виникнення квантового комп'ютера. Криптосистеми на решітках мають ряд переваг, серед яких основною є стійкість від квантового криптоаналізу. Тому питання безпеки підписів на решітках потребує детального вивчення. Запропоновано модель атаки підробки електронного цифрового підпису на решітках NTRUSign за допомогою анулюючих поліномів на схему із пертурбаціями з посиленими параметрами. Досліджено ефективність підробки підпису на NTRUSign та наведено практичні приклади успішної атаки. Отримано експериментальні дані, які показують, що алгоритм підпису при використанні техніки пертурбацій не покращує захисту від досліджуваного виду підробки. Обґрунтовуються оцінки захищеності електронного цифрового підпису NTRUSign із застосуванням техніки пертурбації з посиленими параметрами від дослідженого типу загрози. Практична цінність отриманих результатів полягає в експериментальному доведенні того, що ефективність атаки не суттєво зменшується від збільшення параметрів підпису

Ring-LWE:applications to cryptography and their efficient realization

© Springer International Publishing AG 2016. The persistent progress of quantum computing with algorithms of Shor and Proos and Zalka has put our present RSA and ECC based public key cryptosystems at peril. There is a flurry of activity in cryptographic research community to replace classical cryptography schemes with their post-quantum counterparts. The learning with errors problem introduced by Oded Regev offers a way to design secure cryptography schemes in the post-quantum world. Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed. We have also drawn comparisons of different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes

Enhancement of Nth degree truncated polynomial ring for improving decryption failure

Nth Degree Truncated Polynomial (NTRU) is a public key cryptosystem constructed in a polynomial ring with integer coefficients that is based on three main key integer parameters N; p and q. However, decryption failure of validly created ciphertexts may occur, at which point the encrypted message is discarded and the sender re-encrypts the messages using different parameters. This may leak information about the private key of the recipient thereby making it vulnerable to attacks. Due to this, the study focused on reduction or elimination of decryption failure through several solutions. The study began with an experimental evaluation of NTRU parameters and existing selection criteria by uniform quartile random sampling without replacement in order to identify the most influential parameter(s) for decryption failure, and thus developed a predictive parameter selection model with the aid of machine learning. Subsequently, an improved NTRU modular inverse algorithm was developed following an exploratory evaluation of alternative modular inverse algorithms in terms of probability of invertibility, speed of inversion and computational complexity. Finally, several alternative algebraic ring structures were evaluated in terms of simplification of multiplication, modular inversion, one-way function properties and security analysis for NTRU variant formulation. The study showed that the private key f and large prime q were the most influential parameters in decryption failure. Firstly, an extended parameter selection criteria specifying that the private polynomial f should be selected such that f(1) = 1, number of 1 coefficients should be one more or one less than -1 coefficients, which doubles the range of invertible polynomials thereby doubling the presented key space. Furthermore, selecting q 2:5754 f(1)+83:9038 gave an appropriate size q with the least size required for successful message decryption, resulting in a 33.05% reduction of the public key size. Secondly, an improved modular inverse algorithm was developed using the least squares method of finding a generalized inverse applying homomorphism of ring R and an (N x N) circulant matrix with integer coefficients. This ensured inversion for selected polynomial f except for binary polynomial having all 1 coefficients. This resulted in an increase of 48% to 51% whereby the number of invertible polynomials enlarged the key space and consequently improved security. Finally, an NTRU variant based on the ring of integers, Integer TRUncated ring (ITRU) was developed to address the invertiblity problem of key generation which causes decryption failure. Based on this analysis, inversion is guaranteed, and less pre-computation is required. Besides, a lower key generation computational complexity of O(N2) compared to O(N2(log2p+log2q)) for NTRU as well as a public key size that is 38% to 53% smaller, and a message expansion factor that is 2 to15 times larger than that of NTRU enhanced message security were obtained

Sealing the leak on classical NTRU signatures

Initial attempts to obtain lattice based signatures were closely related to reducing a vector modulo the fundamental parallelepiped of a secret basis (like GGH [9], or NTRUSign [12]). This approach leaked some information on the secret, namely the shape of the parallelepiped, which has been exploited on practical attacks [24]. NTRUSign was an extremely efficient scheme, and thus there has been a noticeable interest on developing countermeasures to the attacks, but with little success [6]. In [8] Gentry, Peikert and Vaikuntanathan proposed a randomized version of Babai’s nearest plane algorithm such that the distribution of a reduced vector modulo a secret parallelepiped only depended on the size of the base used. Using this algorithm and generating large, close to uniform, public keys they managed to get provably secure GGH-like lattice-based signatures. Recently, Stehlé and Steinfeld obtained a provably secure scheme very close to NTRUSign [26] (from a theoretical point of view). In this paper we present an alternative approach to seal the leak of NTRUSign. Instead of modifying the lattices and algorithms used, we do a classic leaky NTRUSign signature and hide it with gaussian noise using techniques present in Lyubashevky’s signatures. Our main contributions are thus a set of strong NTRUSign parameters, obtained by taking into account latest known attacks against the scheme, a statistical way to hide the leaky NTRU signature so that this particular instantiation of CVP-based signature scheme becomes zero-knowledge and secure against forgeries, based on the worst-case hardness of the O~(N1.5)-Shortest Independent Vector Problem over NTRU lattices. Finally, we give a set of concrete parameters to gauge the efficiency of the obtained signature scheme