performance evaluation of public key cryptosystems advisor: dr.jens peter kaps
DESCRIPTION
Performance Evaluation of Public Key Cryptosystems Advisor: Dr.Jens Peter Kaps. Project Team: Rakesh Malireddy Rohan Malewar Vasunandan Peddi Vijay Koneru. Introduction to NTRU. Introduced in 1998 by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman - PowerPoint PPT PresentationTRANSCRIPT
Performance Evaluation of Public Key Cryptosystems
Advisor: Dr.Jens Peter Kaps
Project Team:Rakesh Malireddy
Rohan Malewar
Vasunandan Peddi
Vijay Koneru
Introduction to NTRU
Introduced in 1998 by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman
First public-key algorithm not based on either integer factorization or the discrete logarithm problem
It promises efficient performance combined with robust security
NTRU’s creators claim that it is resistant to parallel processing attacks and that this fact, combined with its disposable key technology, considerably reduces the risk of power attacks, timing attacks and security breaches due to lost or intercepted keys
What is NTRU?
NTRU is nth degree truncation. A public key algorithm where a key pair(public and private
key) is generated using complicated mathematical functions.
The concept of NTRU lies in the ring of truncated polynomials of degree N-1 with integer coefficients. So, instead of using prime numbers we use a polynomial rings such as
a = a0 + a1 X + a2 X2 + … + aN-2 XN-2 + aN-1 XN-1
NTRU Key Generation
Compute a random polynomial ‘f’ that has ‘p1’ co-effecients equal to 1 and ‘m1’ co-effecients equal to –1 (p1 and m1 are inputs from the user)
Compute the inverse of ‘f’ with mod p (fp) such that f * fp = 1 (mod p) If fp does not exist then perform the above step again. Compute the inverse of ‘f’ with mod q (fq) such that: f * fq = 1 (mod q) If fq does not exist then return to step 2. Compute the value of h such that: h = pfq * g (mod q) The NTRU private key is (f, fp) and the public key is h. where, N - Polynomials in ring R have degree equal to N-1 p - The small modulus q - The large modulus
NTRU Encryption & Decryption
Encryption:
The message to be sent must first be expressed in the form of a polynomial whose co-effecients are chosen modulo p.The message can then be encrypted as follows: Generate a random polynomial ‘r’ that has ‘dr’ co-effecients equal to 1 and ‘dr-1’
coeffecients equal to -1 Compute polynomial E such that
E=r*h + M(mod q) E is the encrypted message
Decryption:
The original message can be recovered by : Compute a such that a=f*E(mod q) Compute b such that b= a mod p Compute M such that M=fp*b (mod p)
Calculating Inverse of a Polynomial To compute the inverse of a (mod m): Let d = a, u = 1, v1 = 0, v3 = XN – 1
While v3 ≠ 0, iterate the following: Compute q and t3 such that d = v3 * q + t3 (mod p) and the degree of t3 is less
than the degree of v3. (This is polynomial long division, a complex algorithm in itself.)
t1 = u – q * v1 u = v1 d = v3 v1 = t1 v3 = t3 If the degree of d is greater than 0, the inversion has failed (i.e. a is not invertible
(mod p) or (mod m)) EXIT Let c = d0
-1u (mod p) (where d0 is the constant term in the polynomial d). If r > 1: Let q = p. While q < m, iterate the following: x = c * c (mod m) x = a * x (mod m) c = 2c – x (mod m) q = q2 Return c (mod m).
Implementation The code to implement NTRU is written using the C language.Different functions
were written to implement the different functionalities.
Polynomial multiplication When calculating the cipher text, E=r*h+M(mod q), we pass the polynomials that we have
to multiply as arguments to the function and the result is the product of the two polynomials Polynomial division This function is used to calculate q and t3 when a and b are known in the equation a=b*q+t3 (mod p)
Polynomial Inverse This function determines whether or not the inverse of the polynomial can be computed or
not
Key Creation
Key Encryption
Key Decryption
How NTRU works?
a = f*e (mod q) = f*(r*h + m) (mod q) [since e = r*h + m (mod q)] = f*(r*pfq*g + m) (mod q) [since h = pfq*g (mod q)] = pr*g + f*m (mod q) [since f*fq= 1(mod q)]p , r , g , f , m are already in the (–q/2,q/2) range. So 'a' reducing again to 'q' would not effect anything
b = f*m (mod p) So Bob's final step is to multiply b by fp and use the fact that
fp*f = 1 (mod p) to computed = fp* b = fp* f*m = m (mod p)
This allows him to recover Alice's message ‘m’
XTR
XTR can be used in any cryptosystem that relies on discrete logarithm problem
XTR public key Data is ( P,Q,Tr(g))
Selection of ‘q’
int generate_q( bigint &q, bigint &r, const int q_bit_length, const int n_prime_tests){
int cnt;
bigint r_max;
cnt=0;
power(r_max,2,q_bit_length/2+1);
do{
r.randomize(r_max);
q=r*r-r+1;
cnt++;
}while(q.bit_length()!=q_bit_length ||! is_prime(q,n_prime_tests));
return cnt
Selection of ‘p’
int generate_p( bigint &p, const bigint &q, const bigint &r, const int n_prime_tests)
{ int k
k=0;p=r;do{
k++p+=q;
}while(remainder(p,3)!=2 || ! is_prime(p,n_prime_tests));return k;
}
Computation of Trace Group
Tr(h) = h+hp2+hp4
Trace belongs to GF(p2)
The trace group is represented by Sn
Computation of Trace Group
Sn(c) = (cn−1, cn, cn+1) belongs to GF(p2)3
Sn(Tr(g)) = (Tr(gn−1), Tr(gn), Tr(gn+1))
LiDIA Library
Mathematical library used in XTR programbigintbigmod
Results
Level of Security NTRU XTR Standard 167 bits 85 bits High 263 bits 170 bits Highest 503 bits 340 bits
Observations
Key Generation: XTR outperforms NTRU marginally at
Standard security level At High security level XTR outperforms NTRU
approximately by a factor of 1.5
Observations
Encryption: NTRU outperforms XTR by a large factor due
to exponentiation function in the XTR On going for higher security levels, the above
factor reduces marginally
Observations
Decryption: NTRU outperforms XTR XTR has same encryption as NTRU on a high
level security and on a platform with limited resources like PC
Problems Faced
NTRU: Performing long division method while
calculating inverse Performing mod function when p=3
XTR: Implementation of Library routine Implementation of encryption function
QUERIES ???