2007 | OriginalPaper | Chapter
New Chosen-Ciphertext Attacks on NTRU
Authors : Nicolas Gama, Phong Q. Nguyen
Published in: Public Key Cryptography – PKC 2007
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
We present new and efficient key-recovery chosen-ciphertext attacks on
NTRUencrypt
. Our attacks are somewhat intermediate between chosen-ciphertext attacks on
NTRUencrypt
previously published at CRYPTO ’00 and CRYPTO ’03. Namely, the attacks only work in the presence of decryption failures; we only submit valid ciphertexts to the decryption oracle, where the plaintexts are chosen uniformly at random; and the number of oracle queries is small. Interestingly, our attacks can also be interpreted from a provable security point of view: in practice, if one had access to a
NTRUencrypt
decryption oracle such that the parameter set allows decryption failures, then one could recover the secret key. For instance, for the initial NTRU-1998 parameter sets, the output of the decryption oracle on a single decryption failure is enough to recover the secret key.