Public-key Cryptosystem using Non-commutative Ring
2002. 10. 10
Network Security
20022052 Min Sung Jun

Contents
• Introduction
• Objectives of my project
• Newly proposed schemes
  - Ring based scheme (NTRU)
  - Sparse polynomials based scheme
• Questions
• References

1. Introduction
• Most cryptographic protocols and algorithms are based on abelian groups and finite fields
• Advent of new cryptographic systems
  - NTRU : ring based cryptosystem
  - D. Grant et al. scheme : based on sparse polynomials
  - Braid : using a non-abelian group
• The reason for these advents
  - To offer more efficiency and secrecy -> by using a specific property

2. Objectives of my project
• Analysis of the new schemes
  - Design method (know-how)
  - Security analysis
• Development of the schemes
  - More secure or more efficient by using non-commutative rings
  - Proposal of specific cryptographic schemes in NTRU or the D. Grant scheme
• Comparison
  - Commutative vs. non-commutative

3. Ring based scheme (NTRU)
• NTRU operates in the ring
• Parameters
  - $(N, p, q)$ and $L_m$, $L_f$, $L_g$, and $L_\varphi$
• Key generation
  - Choose private keys $f \in L_f$ and $g \in L_g$
  - Compute the inverses of $f$: $f^{-1} \pmod p$ and $f^{-1} \pmod q$
  - Compute $h = f^{-1} \pmod q \times g$
  - Public key = $(h, p, q, N)$

NTRU
• Encryption
  - Bob chooses $\varphi \in_R L_\varphi$
  - Ciphertext $e = p\varphi \times h + m \pmod q$
• Decryption : for ciphertext $e$
  - Compute $a = f \times e \pmod q$
  - Compute message $m = f^{-1} \pmod p \times a \pmod p$
• Advantages
  - Speedy
  - Fewer system requirements
  - Rapid key generation

NTRU
• Remark : NTRU does not always succeed in returning the original message (wrapping and gap failure)
• Must choose the proper NTRU parameters
  - The plaintext $m$ must have coefficients within $-p/2 \sim p/2$
  - The polynomial $p\varphi \times g + f \times m$ must have coefficients within $-q/2 \sim q/2$
  - $P(\text{Decryption failure}) \le 5 \times 10^{-5}$

D. Grant et al. scheme
• New type of cryptosystem based on sparse polynomials over finite fields
• Hard problem (construction of 1-way f.t.)
  - Given sparse polynomial equations of high degree over certain large rings, find a solution to the system
• Trapdoor : values at any point can be computed quite efficiently

D. Grant et al. scheme
• Construction of a cryptosystem
[Step 1] - System parameters -
  - Choose a large $F_q$
  - Choose $s_i, t_i \in Z^+$ $(1 \le i \le k)$
[Step 2]
  - Alice puts $e_1 = 1$ and selects $v \in_R F_q$
  - Select $e_2, e_3, \dots, e_k \in_R Z_{q-1}$
[Step 3]
  - Alice selects $h_1, h_2, \dots, h_k \in F_q[x_1, \dots, x_k]$ s.t. $\deg(h_i) \le q-1$ and at most $t_i - 1$ monomials
  - Compute $f_i(x_1, \dots, x_k) = h_i(x_1, \dots, x_k) - h_i(a_1, \dots, a_k)$, where $a_i = v^{e_i}$
  - $\{f_1, \dots, f_k\}$ : public

D. Grant et al. scheme
• Encryption : to encrypt a message $m \in F_q$
  - Bob selects $g_1, \dots, g_k \in_R F_q[x_1, \dots, x_k]$ s.t. $\deg(g_i) \le q-1$, at most $s_i$ monomials, and non-zero constant
  - Compute $\Psi = f_1 g_1 + f_2 g_2 + \dots + f_k g_k$ mod
  - Ciphertext $\Omega = m + \Psi$
• Decryption : for given ciphertext $\Omega$
  - Compute $\Omega(a_1, \dots, a_k) = m$

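The three construction steps and the encryption/decryption slide above, as an added Python example that is not part of the original slides or of the scheme authors' code. Assumptions: toy parameters (q = 101, k = 3, all s_i = t_i = 4) far too small for any security, "degree at most q-1" read as a per-variable bound, v taken non-zero, and exponents reduced with x^q = x, which leaves every value on F_q unchanged.

```python
import random

Q, K = 101, 3      # constructed toy parameters: prime q and number of variables k
S = T = 4          # s_i and t_i, taken equal for every i (assumption)
ZERO = (0,) * K    # exponent tuple of the constant term

def sparse(rng, count):
    """Random polynomial {exponents: coeff} with `count` non-constant monomials."""
    poly = {}
    while len(poly) < count:
        exps = tuple(rng.randrange(Q) for _ in range(K))  # each exponent <= q-1
        if exps != ZERO:
            poly[exps] = rng.randrange(1, Q)
    return poly

def evaluate(poly, point):
    total = 0
    for exps, coeff in poly.items():
        for x, e in zip(point, exps):
            coeff = coeff * pow(x, e, Q) % Q
        total = (total + coeff) % Q
    return total

def fold(e):
    # Assumed reduction rule: x^q = x on F_q, so exponents >= q fold into 1..q-1.
    return e if e < Q else (e - 1) % (Q - 1) + 1

def keygen(rng):
    v = rng.randrange(1, Q)                  # non-zero v (assumption)
    e = [1] + [rng.randrange(Q - 1) for _ in range(K - 1)]
    a = [pow(v, ei, Q) for ei in e]          # private point a_i = v^{e_i}
    public = []
    for _ in range(K):
        f = sparse(rng, T - 1)               # h_i with t_i - 1 monomials
        f[ZERO] = -evaluate(f, a) % Q        # f_i = h_i - h_i(a), so f_i(a) = 0
        public.append(f)
    return public, a

def encrypt(public, m, rng):
    omega = {ZERO: m % Q}                    # Omega = m + Psi
    for f in public:
        g = sparse(rng, S - 1)
        g[ZERO] = rng.randrange(1, Q)        # non-zero constant term
        for ef, cf in f.items():
            for eg, cg in g.items():
                exps = tuple(fold(x + y) for x, y in zip(ef, eg))
                omega[exps] = (omega.get(exps, 0) + cf * cg) % Q
    return omega

def decrypt(omega, a):
    return evaluate(omega, a)                # every f_i(a) = 0, so Omega(a) = m
```

The ciphertext for a single field element is a polynomial with many terms, which is the message expansion cost the slides list as a disadvantage.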
D. Grant et al. scheme
• Security considerations
  - Trying to find a solution to the system of equations requires time polynomial in the total degree $n$
  - Guess a solution : $P(\text{successive guess}) = 2 \times q^{-k}$
  - Lattice attack : not practical
• Disadvantage : high message expansion cost

My Questions
• Is a multi-party encryption scheme possible?
  - Positive answer!!!
• Can it be modified to be more efficient or more secure?
  - Positive answer!!! By using a non-commutative ring
• Can a signature scheme be made?
  - I don’t know

References
[1] J. Hoffstein, J. Pipher, and J.H. Silverman, “NTRU : A Ring-Based Public Key Cryptosystem”, Proceedings of ANTS, Portland (1998), Springer-Verlag
[2] D. Grant et al., “A Public key cryptosystem based on sparse polynomials”, Proc. International Conference on Coding Theory, Cryptography and Related Areas, Guanajuato, (1988), Springer-Verlag, Berlin, 2000, 114-121
[3] P. Garrett, Making, Breaking Codes : An Introduction to Cryptology, (2001), Prentice-Hall
[4] T. Y. Lam, A First Course in Noncommutative Rings, (1990), Springer-Verlag New York
[5] http://www.ntru.com