Bounds of decryption failure probability in NTRUEncrypt encryption scheme for a fixed key

Authors

  • Антон Миколайович Олексійчук National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»
  • Александра Андріївна Матійко National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

DOI:

https://doi.org/10.18372/2410-7840.20.12276

Keywords:

post-quantum cryptography, NTRUEncrypt, decryption failure probability, central limit theorem, Hoeffding's inequality

Abstract

The asymmetric encryption scheme NTRUEncrypt is one of the fastest post-quantum encryption schemes. To date, there are several versions of this encryption scheme but all of them have an unwanted feature that assumes decryption failure. Besides the inconvenience for authorized users, this feature leads to specific attacks on the encryption scheme and consequently reduces its security. The traditional approach to estimating the decryption failure probability assumes that this probability is determined by random selection of all elements used to form the encrypted message: the plain text, the key and so-called randomizing polynomial. At the same time, from a practical point of view, a more adequate indicator of the failure frequency is the set of probabilities calculated for each fixed value of the secret key. In this article, we get upper bounds for the decryption failure probability for a fixed key for one of the most extensive versions of the NTRUEncrypt encryption scheme. The first of two obtained bounds is approximate in the sense that, when it is proved, the replacement of the probability distribution of certain independent random variables sum by the limit (normal) distribution is carried out. The second obtained bound is due to Hoeffding's inequality and it is not based on any heuristic assumptions. In general, the obtained results provide more adequate information about the frequency of decryption failure for the considered version of NTRUEncrypt and can be used later in choosing the parameters of this encryption scheme to optimize it for security or practicality.

Author Biographies

Антон Миколайович Олексійчук, National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»


Doctor of Technical Sciences, Assistant professor, Professor of The Institute of Special Communication and Information Protection of National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

Александра Андріївна Матійко, National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

cadet of Institute of Special Communication and Information Protection National technical university of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

References

American National Standard X9.98-2010. Lattice-based polynomial public key encryption algorithm, Part 1: key establishment, Part 2: data encryption. 2010.

D. Bernstein, Ch. Chuengsatiansup, T. Lange, Ch. Van Vredendaal, "NTRU Prime: redusing attack surface at low cost", Cryptology ePrint Archive, Report 2016/461. [Electronic re-source]. Online: http://eprint.iacr.org/2016/461.

C. Chen, J. Hoffstein, W. Whyte, Z. Zhang, "NIST PQ Submission: NTRUEncrypt. A lattice based algorithm". [Electronic resource]. Online: https://cscr. nist.gov/Projects/Post-Quantum-Cryptorraphy, 2017.

P. Hirschhorn, J. Hoffstein, N. Howgrave-Graham, W. Whyte, "Choosing NTRU parameters in light of combined lattice reduction and MITM aproaches", Applied Cryptography and Network Security, LNCS, Vol. 5536, pp. 437-455, 2009.

W. Hoeffding, "Probability inequalities for sums of bounded random variables", J. Amer. Statist. Assoc., Vol. 58, no. 301, pp. 13-30, 1963.

J. Hoffstein, J. Pipher, J.H. Silverman, "NTRU: a new high speed public key cryptosystem", Preprint, presented at the rump session of Crypto’96. 1996.

J. Hoffstein, J. Pipher, J.H. Silverman, "NTRU: a new high speed public key cryptosystem", Algorithmic Number Theory (ANTS III). LNCS, Vol. 1423, pp. 267-288, 1998.

J. Hoffstein, J. Pipher, J.M. Schanck, J.H. Silverman, W. Whyte, Z. Zhang, "Choosing parameters for NTRUEncrypt", Cryptology ePrint Archive, Report 2015/708. [Electronic resource]. Online: http://eprint. iacr.org/2015/708.

N. Howgrave-Graham, P. Nguyen, D. Pointcheval, J. Proos, J.H. Silverman, A. Singer, W. Whyte, "The impact of decryption failures on the security of NTRU encryption", Advanced in Cryptology, Crypto 2003, LNCS, Vol. 2729, pp. 226-246, 2003.

N. Howgrave-Graham, J.H. Silverman, W. Whyte, "Choosing parameter sets for NTRUEncrypt with NAEP and SVES-3", Topics in Cryptology. CT-RSA 2005, LNCS, Vol. 3376, pp. 118-135, 2005.

N. Howgrave-Graham, J.H. Silverman, A. Singer, W. Whyte, "NAEP: provable security in the presence of decryption failures", Cryptology ePrint Archive, Report 2003/172. [Electronic resource]. Online: http://eprint. iacr.org/2003/172

J.A. Proos, Imperfect decryption and an attack on the NTRU encryption scheme, Cryptology ePrint Archive, Report 2003/002. [Electronic resource]. Online: http://eprint. iacr.org/2003/002.

Published

2018-06-25

Issue

Section

Articles