We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the… (More)
Specifications of common public-key cryptographic techniques based on hard problems over 1 lattices supplemental to those considered in IEEE 1363 and IEEE P1363a, including mathematical 2 primitives for secret value (key) derivation, public-key encryption, identification and digital signatures, and 3 cryptographic schemes based on those primitives.… (More)
A new authentication and digital signature scheme called the NTRU Signature Scheme (NSS) is introduced. NSS provides an authenti-cation/signature method complementary to the NTRU public key cryp-tosystem. The hard lattice problem underlying NSS is similar to the hard problem underlying NTRU, and NSS similarly features high speed, low footprint, and easy key… (More)
There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field F2n, multiples on Koblitz elliptic curves, and multiples in NTRU convolution polynomial rings. The… (More)
We present the new NTRUEncrypt parameter generation algorithm, which is designed to be secure in light of recent attacks that combine lattice reduction and meet-in-the-middle (MITM) techniques. The parameters generated from our algorithm have been submitted to several standard bodies and are presented at the end of the paper.
We describe a methods for generating parameter sets and calculating security estimates for NTRUEncrypt. Analyses are provided for the standardized product-form parameter sets from IEEE 1363.1-2008 and for the NTRU Challenge parameter sets.
We present PASSSign, a variant of the prior PASS and PASS-2 proposals, as a candidate for a practical post-quantum signature scheme. Its hardness is based on the problem of recovering a ring element with small norm from an incomplete description of its Chinese remainder representation. For our particular instantiation, this corresponds to the recovery of a… (More)