《NTRU A Ring-Based Public Key Cryptosystem》-公开·课件设计.pptVIP

NTRU: A Ring-Based Public Key Cryptosystem Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman LNCS 1423, 1998 Outline Introduction Scheme Parameter selection Security analysis Practical implementations of NTRU Conclusion Introduction The encryption produce uses a mixing system based on polynomial algebra and reduction modulo two numbers p and q. The decryption produce uses an unmixing system whose validity depends on elementary probability theory. Introduction The security of NTRU The interaction of the polynomial mixing system with the independence of reduction modulo p and q. Fact that for most lattices, it is very difficult to find extremely short vectors. Outline Introduction Scheme Parameter selection Security analysis Practical implementations of NTRU Conclusion Notation An NTRU cryptosystem depends on 3 integer parameters (N, p, q) p and q need not be prime gcd(p, q) = 1 q will always be considerably larger then p 4 sets Lf, Lg, Lφ, Lm of polynomial of degree N-1 integer coefficients. Notation An NTRU cryptosystem depends on Work in the ring R = Z[X] / (XN - 1) F ∈ R will be written as a poly or a vector * to denote multiplication in R as a cyclic convolution product Do a multiplication modulo q, mean to reduce the coefficiens modulo q. Scheme – Key Generation Random chooses 2 polynomials f, g ∈ Lg f must satisfy the additional requirement that it have inverses modulo q and modulo p. Denote these inverses by Fq and Fp, that is Fq * f ≡ 1 mod q and Fp * f ≡1 mod p Public key h ≡ Fq * g mod q Secret key f Store Fp Scheme – Encryption A message m from the set of plaintext Lm Random choose a polynomial φ∈Lφ Compute e ≡ pφ * h + m mod q Scheme – Decryption First compute a ≡ f * e mod q The coefficients of a in [-q/2 , q/2] Recovers the message by computing Fp * a mod p Outline Introduction Scheme Parameter selection Security analysis Practical implementations of NTRU Conclusion Notation and a norm estimate The width of an element F ∈ R to be |F|∞ = max{Fi}