NTRUSign

From Wikipedia, the free encyclopedia

NTRUSign, also known as the NTRU Signature Algorithm, is a public key cryptography digital signature algorithm based on the GGH signature scheme. It was first presented at the rump session of Asiacrypt 2001 and published in peer-reviewed form at the RSA Conference 2003. The 2003 publication included parameter recommendations for 80-bit security. A subsequent 2005 publication revised the parameter recommendations for 80-bit security, presented parameters that gave claimed security levels of 112, 128, 160, 192 and 256 bits, and described an algorithm to derive parameter sets at any desired security level. NTRU Cryptosystems, Inc. have applied for a patent on the algorithm.

NTRUSign involves mapping a message to a random point in 2N-dimensional space, where N is one of the NTRUSign parameters, and solving the close vector problem in a lattice closely related to the NTRUEncrypt lattice. This lattice has the property that a private 2N-dimensional basis for the lattice can be described with 2 vectors, each with N coefficients, and a public basis can be described with a single N-dimensional vector. This enables public keys to be represented in O(N) space, rather than O(N²) as is the case with other lattice-based signature schemes. Operations take O(N²) time, as opposed to O(N³) for elliptic curve cryptography and RSA private key operations. NTRUSign is therefore claimed to be faster than those algorithms at low security levels, and considerably faster at high security levels.

NTRUSign is not a zero-knowledge signature scheme and a transcript of signatures leaks information about the private key, as first observed by Gentry and Szydlo^[1]. Nguyen demonstrated in 2006 that for the original unperturbed NTRUSign parameter sets an attacker can recover the private key with as few as 400 signatures^[2].

The current proposals use perturbations to increase the transcript length required to recover the private key: the effect of this is that the point representing the message is displaced by the signer by a small secret amount before the signature itself is calculated. The contribution of the perturbations to the transcript is designed to be difficult to distinguish from the contribution of the private key. NTRU claim that at least 2³⁰ signatures are needed, and probably considerably more, before a transcript of perturbed signatures enables any useful attack.

NTRUSign is under consideration for standardization by the IEEE P1363 working group.

[edit] External links

[edit] References

^ http://www.szydlo.com/ntru-revised-full02.pdf
^ P. Nguyen, "A Note on the Security of NTRUSign", available from http://eprint.iacr.org/2006/387

Public-key cryptography v • d • e
Algorithms: Cramer-Shoup \| DH \| DSA \| ECDH \| ECDSA \| EKE \| ElGamal \| GMR \| IES \| Lamport \| MQV \| NTRUEncrypt \| NTRUSign \| Paillier \| Rabin \| RSA \| Schnorr \| SPEKE \| SRP \| XTR
Theory: Discrete logarithm \| Elliptic curve cryptography \| RSA problem
Standardization: ANS X9F1 \| CRYPTREC \| IEEE P1363 \| NESSIE \| NSA Suite B Misc: Digital signature \| Fingerprint \| PKI \| Web of trust \| Key size
Cryptography v • d • e
History of cryptography \| Cryptanalysis \| Cryptography portal \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers

Retrieved from "http://en.wikipedia.org../../../n/t/r/NTRUSign_b373.html"

Category: Asymmetric-key cryptosystems

NTRUSign

From Wikipedia, the free encyclopedia

[edit] External links

[edit] References

Views

Navigation

interaction

Search