To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

NTRUSign

From Wikipedia, the free encyclopedia

NTRUSign, also known as the NTRU Signature Algorithm, is an NTRU public-key cryptography digital signature algorithm based on the GGH signature scheme. The original version of NTRUSign was Polynomial Authentication and Signature Scheme (PASS), and was published at CrypTEC'99.[1] The improved version of PASS was named as NTRUSign, and was presented at the rump session of Asiacrypt 2001 and published in peer-reviewed form at the RSA Conference 2003.[2] The 2003 publication included parameter recommendations for 80-bit security. A subsequent 2005 publication revised the parameter recommendations for 80-bit security, presented parameters that gave claimed security levels of 112, 128, 160, 192 and 256 bits, and described an algorithm to derive parameter sets at any desired security level. NTRU Cryptosystems, Inc. have applied for a patent on the algorithm.

NTRUSign involves mapping a message to a random point in 2N-dimensional space, where N is one of the NTRUSign parameters, and solving the closest vector problem in a lattice closely related to the NTRUEncrypt lattice. NTRUSign is claimed to be faster than those algorithms at low security levels, and considerably faster at high security levels. However, analysis had shown that original scheme is insecure and would leak knowledge of private key.[3][4]

A redesigned pqNTRUSign had been submitted to the NIST Post-Quantum Cryptography Standardization competition.[5] It is based on "hash-and-sign" (contrasting Fiat–Shamir transformation) methodology, and claims to achieve smaller signature size.

NTRUSign is under consideration for standardization by the IEEE P1363 working group.[citation needed]

Security

It was demonstrated in 2000 by Wu, Bao, Ye and Deng that the signature of PASS, the original version of NTRUSign, can be forged easily without knowing the private key.[6] NTRUSign is not a zero-knowledge signature scheme and a transcript of signatures leaks information about the private key, as first observed by Gentry and Szydlo.[3] Nguyen and Regev demonstrated in 2006 that for the original unperturbed NTRUSign parameter sets an attacker can recover the private key with as few as 400 signatures.[4]

The current proposals use perturbations to increase the transcript length required to recover the private key: the signer displaces the point representing the message by a small secret amount before the signature itself is calculated. NTRU claimed that at least 230 signatures are needed, and probably considerably more, before a transcript of perturbed signatures enabled any useful attack. In 2012 an attack on the scheme with perturbations was presented that required a few thousand signatures for standard security parameters.[7]

The pqNTRUSign claims a 128-bit classical and quantum security for their given parameter set.

References

  1. ^ Hoffstein, Jeffrey; Lieman, Daniel; Silverman, Joseph H. (1999). "Polynomial Rings and Efficient Public Key Authentication" (PDF). International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC'99). City University of Hong Kong Press.
  2. ^ Hoffstein, Jeffrey; Howgrave-Graham, Nick; Pipher, Jill; Silverman, Joseph H.; Whyte, William (2003). "NTRUSign: Digital Signatures Using the NTRU Lattice" (PDF). Topics in Cryptology — CT-RSA 2003. LNCS. Vol. 2612. Springer. pp. 122–140.
  3. ^ a b http://www.szydlo.com/ntru-revised-full02.pdf[bare URL PDF]
  4. ^ a b P. Nguyen and O. Regev, "Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures", available from https://cims.nyu.edu/~regev/papers/gghattack.pdf
  5. ^ "NIST Post Quantum Crypto Submission". OnBoard Security. Archived from the original on 2017-12-29. Retrieved 2018-03-20.
  6. ^ Wu, Hongjun; Bao, Feng; Ye, Dingfeng; Deng, Robert H. (2000). "Cryptanalysis of Polynomial Authentication and Signature Scheme" (PDF). ACISP 2000. LNCS. Vol. 1841. Springer. pp. 278–288.
  7. ^ Ducas, Léo; Nguyen, Phong (2012). "Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures" (PDF). ASIACRYPT 2012. LNCS. Vol. 7658. Springer. pp. 433–450. doi:10.1007/978-3-642-34961-4_27. Retrieved 2013-03-07.

External links

This page was last edited on 28 December 2022, at 20:29
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy