About the XL Algorithm over GF(2)

In this paper we introduce NTRUSIGN, a new family of signature schemes based on solving the approximate closest vector problem (APPR-CVP) in NTRU-type lattices. We explore the properties of general APPR-CVP based signature schemes (e.g. GGH) and show that they are not immune to transcript attacks even in the random oracle model. We then introduce the idea of using carefully chosen perturbations to limit the information that is obtainable from an analysis of a large signature transcript. In the case of NTRUSIGN this can be achieved while maintaining attractive efficiency properties.

[1]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[2]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[3]  David Naccache,et al.  Why You Cannot Even Hope to use Gröbner Bases in Public Key Cryptography: An Open Letter to a Scientist Who Failed and a Challenge to Those Who Have Not Yet Failed , 1994, J. Symb. Comput..

[4]  Phong Q. Nguyen Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97 , 1999, CRYPTO.

[5]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[6]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[7]  Don Coppersmith,et al.  Matrix multiplication via arithmetic progressions , 1987, STOC.

[8]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[9]  Joseph H. Silverman,et al.  NSS: An NTRU Lattice-Based Signature Scheme , 2001, EUROCRYPT.

[10]  A. Shamir,et al.  Cryptanalysis of the HFE Public Key Cryptosystem , 1999 .

[11]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[12]  Willi Meier,et al.  Solving Underdefined Systems of Multivariate Quadratic Equations , 2002, Public Key Cryptography.

[13]  Nicolas Courtois,et al.  The Security of Hidden Field Equations (HFE) , 2001, CT-RSA.

[14]  Joseph H. Silverman,et al.  Polynomial Rings and Efficient Public Key Authentication II , 2001 .

[15]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[16]  Jacques Stern,et al.  Lattice Reduction in Cryptology: An Update , 2000, ANTS.

[17]  Oded Goldreich,et al.  Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[18]  A. Shamir A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem , 1982, FOCS 1982.

[19]  Craig Gentry,et al.  Cryptanalysis of the Revised NTRU Signature Scheme , 2002, EUROCRYPT.

[20]  Henri Cohen,et al.  A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[21]  William Whyte,et al.  NTRUSIGN: Digital Signatures Using the NTRU Lattice , 2003, CT-RSA.

[22]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[23]  Craig Gentry,et al.  Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001 , 2001, ASIACRYPT.

[24]  Jacques Patarin,et al.  Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.