Jeffrey Hoffstein

NTRU: A Ring-Based Public Key Cryptosystem

We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q.

NTRUSign: digital signatures using the NTRU lattice

We present a mechanism to encrypt to an arbitrary collection of identities using a variant of the Boneh-Franklin identity based encryption scheme. The decryptor is defined by a logical formulae of conjunctions and disjunctions. This enables a simple mechanism to drive access control to broadcast encrypted data using user identities as the public keys.

MULTIPLE DIRICHLET SERIES AND MOMENTS OF ZETA AND L{FUNCTIONS

This paper develops an analytic theory of Dirichlet series in several complex variables which possess sufficiently many functional equations. In the first two sections it is shown how straightforward conjectures about the meromorphic continuation and polar divisors of certain such series imply, as a consequence, precise asymptotics (previously conjectured via random matrix theory) for moments of zeta functions and quadratic L-series. As an application of the theory, in a third section, we obtain the current best known error term for mean values of cubes of cent ral values of Dirichlet L-series. The methods utilized to derive this result are the convexity principle for functions of several complex-variables combined with a knowledge of groups of functional equations for certain multiple Dirichlet series.

NSS: An NTRU Lattice-Based Signature Scheme

A new authentication and digital signature scheme called the NTRU Signature Scheme (NSS) is introduced. NSS provides an authentication/signature method complementary to the NTRU public key cryptosystem. The hard lattice problem underlying NSS is similar to the hard problem underlying NTRU, and NSS similarly features high speed, low footprint, and easy key creation.

Optimizations for NTRU

In this note we describe a variety of methods that may be used to increase the speed and efficiency of the NTRU public key cryptosystem. 1991 Mathematics Subject Classification: 94A60, 11T71. 1. An Overview of NTRU The NTRU Public Key Cryptosystem is based on ring theory and relies for its security on the difficulty of solving certain lattice problems. In this section we will briefly review the properties of NTRU that are relevant to the topics in this paper. For further details and a security analysis of NTRU, see [HPS,S1,S2]. A general formulation of the NTRU Public Key Cryptosystem uses a ring R and two (relatively prime) ideals p and q in R. A rough outline of the key creation, encryption, and decryption processes is as follows: • Key Creation Bob creates a public key h by choosing elements f, g ∈ R, computing the mod q inverse f−1 q of f , and setting h ≡ f−1 q ∗ g (mod q). Bob’s private key is the element f . Bob also precomputes and stores the mod p inverse f−1 p of f . • Encryption In order to encrypt a plaintext message m ∈ R using the public key h, Alice selects a random element r ∈ R and forms the ciphertext e ≡ r ∗ h + m (mod q). • Decryption In order to decrypt the ciphertext e using the private key f , Bob first computes

Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches

We present the new NTRUEncrypt parameter generation algorithm, which is designed to be secure in light of recent attacks that combine lattice reduction and meet-in-the-middle (MITM) techniques. The parameters generated from our algorithm have been submitted to several standard bodies and are presented at the end of the paper.

Random small hamming weight products with applications to cryptography

There are many cryptographic constructions in which one uses a random power or multiple of an element in a group or a ring. We describe a fast method to compute random powers and multiples in certain important situations including powers in the Galois field F2n, multiples on Koblitz elliptic curves, and multiples in NTRU convolution polynomial rings. The underlying idea is to form a random exponent or multiplier as a product of factors, each of which has low Hamming weight when expanded as a sum of powers of some fast operation.

On some applications of automorphic forms to number theory

A basic idea of Dirichlet is to study a collection of interesting quantities {an}n≥1 by means of its Dirichlet series in a complex variable w: ∑ n≥1 ann −w. In this paper we examine this construction when the quantities an are themselves infinite series in a second complex variable s, arising from number theory or representation theory. We survey a body of recent work on such series and present a new conjecture concerning them.

Polynomial Rings and Efficient Public Key Authentication II

In a recent paper [3] a highly efficient public key authentication scheme called PASS was introduced. In this paper we show how a small modification in the scheme cuts the size of the public key and the commitment in half while reducing an already minimal computational load.

Choosing Parameters for NTRUEncrypt

We describe a method for generating parameter sets, and calculating security estimates, for NTRUEncrypt. Our security analyses consider lattice attacks, the hybrid attack, subfield attacks, and quantum search. Analyses are provided for the IEEE 1363.1-2008 product-form parameter sets, for the NTRU Challenge parameter sets, and for two new parameter sets. These new parameter sets are designed to provide \(\ge 128\)-bit post-quantum security.