TY - JOUR
AU - Matiyko, Alexandra
PY - 2020/12/30
Y2 - 2021/07/30
TI - BKW-attack on NTRUCIPHER and NTRUCIPHER+ encryption schemes
JF - Information Technology and Security
JA - ITS
VL - 8
IS - 2
SE - CRYPTOLOGY
DO - 10.20535/2411-1031.2020.8.2.222599
UR - http://its.iszzi.kpi.ua/article/view/222599
SP - 164-176
AB - <p>Due to the appearance of quantum computers, which will significantly reduce the time of solving certain problems, the security of many standardized cryptosystems is under threat. This prompted NIST to launch an open competition to create new post-quantum standards in 2016. In the summer of 2020, the NTRU algorithm, one of the fastest post-quantum algorithms based on lattices in Euclidean space (1996), was entered the seven finalists of this competition. However, only in 2017 was proposed an analog of this encryption scheme – symmetric encryption scheme NTRUCipher. Preliminary researches of this encryption scheme have been conducted but it’s security to chosen-plaintext attack, which consists of compiling a system of linear equations corrupted by noise (over a finite field of simple order) and solving it using a generalized BKW algorithm, have not been analyzed. For the first time, the NTRUCipher + cipher scheme is proposed in this article. Its main difference is the usage of an additional random polynomial when encrypting. The security of NTRUCipher cipher scheme and its modification NTRUCipher+ against BKW-attack is researched. Such an attack is possible for symmetric NTRU-like cipher schemes but it has not been considered before. Analytical (upper and lower) bounds of the BKW attack’s complexity on NTRUCipher and NTRUCipher + are obtained. The comparison of these cipher schemes on the encrypted messages’ length against BKW-attack at certain identical fixed parameters is carried out. It is shown that the security increase of the NTRUCipher cipher scheme against BKW-attack due to the usage of an additional additive in encryption is almost completely leveled by increasing the upper bound of the decryption failure probability. Research allows to compare these cipher schemes in terms of security and practicality and to conclude that it is inexpedient to use NTRUCipher+ to increase the security of the NTRUCipher cipher scheme to BKW attack. In the future, it is planned to develop methods for constructing symmetric analogs of the NTRU cryptosystem based on other general lattice-based structures.</p>
ER -