D-NTRU: More efficient and average-case IND-CPA secure NTRU variant

“…In spite of the big numbers, f and r, meeting (36) used in RCPKC, it guarantees that the decryption correctness condition (15) holds (see (39)) due to the use of Conditions (33), (36), (38), (46) and (50) instead of Conditions 7, (11), and (12), used in the original insecure CPKC (see Sections 3.3-3.3.2) considered in [26]. It was found that the insecurity of the original CPKC stems from the use of Conditions (7), (11) and (12), defining smaller than √ q numbers f , g, m, r meeting Minkowski's boundary (27) and the decryption correctness condition (15).…”

“…Since qLen > mgLen by definition (38), Succ OW RCPKC (A 1 , P ) decreases exponentially in qLen, and Assumption 1 holds. Similarly, the attacker can try the following methods with an exponentially decreasing success probability: Furthermore, the adversary can apply the GLR attack to get ( f , g).…”

“…The private key components, ( f , g), meet (8), (9), (33) and (34), where qLen, mgLen meet (38) and (43), where (F, G) is an SV obtained in the result of the GLR attack on the lattice E(V1, V2) defined by (24). The public key component, h, is defined by (10).…”

“…The private key components, ( f , g), meet (8), (9), (33), (34) and (52), where qLen, mgLen meet (38) and (43) The public key component, h, is defined by (10). Message, m, meets (33), and random integer, r, is selected from the range defined in (46), (47) and (50).…”

“…NTRU and its known variants [7,8,[19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38], shown in Section 2, work with degree N polynomials. The main problem NTRU faces is that it is susceptible to the lattice basis reduction attack (LBRA) using the Gaussian lattice reduction (GLR) algorithm for two-dimensional lattices and the LLL algorithm for higher dimensions [39].…”

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

“…In spite of the big numbers, f and r, meeting (36) used in RCPKC, it guarantees that the decryption correctness condition (15) holds (see (39)) due to the use of Conditions (33), (36), (38), (46) and (50) instead of Conditions 7, (11), and (12), used in the original insecure CPKC (see Sections 3.3-3.3.2) considered in [26]. It was found that the insecurity of the original CPKC stems from the use of Conditions (7), (11) and (12), defining smaller than √ q numbers f , g, m, r meeting Minkowski's boundary (27) and the decryption correctness condition (15).…”

“…Since qLen > mgLen by definition (38), Succ OW RCPKC (A 1 , P ) decreases exponentially in qLen, and Assumption 1 holds. Similarly, the attacker can try the following methods with an exponentially decreasing success probability: Furthermore, the adversary can apply the GLR attack to get ( f , g).…”

“…The private key components, ( f , g), meet (8), (9), (33) and (34), where qLen, mgLen meet (38) and (43), where (F, G) is an SV obtained in the result of the GLR attack on the lattice E(V1, V2) defined by (24). The public key component, h, is defined by (10).…”

“…The private key components, ( f , g), meet (8), (9), (33), (34) and (52), where qLen, mgLen meet (38) and (43) The public key component, h, is defined by (10). Message, m, meets (33), and random integer, r, is selected from the range defined in (46), (47) and (50).…”

“…NTRU and its known variants [7,8,[19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38], shown in Section 2, work with degree N polynomials. The main problem NTRU faces is that it is susceptible to the lattice basis reduction attack (LBRA) using the Gaussian lattice reduction (GLR) algorithm for two-dimensional lattices and the LLL algorithm for higher dimensions [39].…”

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

Secure limitation analysis of public-key cryptography for smart card settings

NTRU-CLS: Efficient quantum-resistant NTRU lattice-based certificateless signature scheme for VANETs