We present new and efficient key-recovery chosen-ciphertext attacks on NTRUENCRYPT. Our attacks are somewhat intermediate between chosen-ciphertext attacks on NTRUENCRYPT previously published at CRYPTO '00 and CRYPTO '03. Namely, the attacks only work in the presence of decryption failures; we only submit valid ciphertexts to the decryption oracle, where the plaintexts are chosen uniformly at random; and the number of oracle queries is small. Interestingly, our attacks can also be interpreted from a provable security point of view: in practice, if one had access to an NTRUENCRYPT decryption oracle such that the parameter set allows decryption failures, then one could recover the secret key. For instance, for the initial NTRU-1998 parameter sets, the output of the decryption oracle on a single decryption failure is enough to recover the secret key. © International Association for Cryptologic Research 2007.
Gama, N., & Nguyen, P. Q. (2007). New chosen-ciphertext attacks on NTRU. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4450 LNCS, pp. 89–106). Springer Verlag. https://doi.org/10.1007/978-3-540-71677-8_7