First-order collision attack on protected NTRU cryptosystem

The NTRU cryptosystem is widely used in microsystems with limited computational resources. In 2010, Lee et al. presented several power analysis attacks on NTRU together with three countermeasures, arguing that only a second-order power analysis can break their first countermeasure and that the combination of the first and third countermeasures is secure. In this paper we give efficient first-order collision attacks against all of their countermeasures. Besides efficiency gains of 108.4% and 78%, our attacks cannot be prevented by any padding scheme, because the leakage arises in the private-key convolution performed during decryption, before any padding check can reject a manipulated ciphertext. Finally, we discuss countermeasures that prevent our attacks.
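The abstract does not describe the attack itself, so the following is an added illustration of the principle a first-order collision attack rests on, not the paper's attack and not Lee et al.'s countermeasures. It simulates a toy NTRU-like decryption step in which the device computes e0*f_k + r mod q for each private-key coefficient f_k, with one random additive mask r drawn per trace and shared by all N operations (a constructed protection, assumed here only to show that a mask shared by two compared operations does not hide a collision). The attacker never needs to know the mask or the ciphertext: Pearson correlation between the leakage at two time points across many traces is close to 1 exactly when the two positions hold equal key coefficients, which recovers the partition of the ternary key into its -1/0/+1 classes. All parameters (N = 11, q = 2048, Hamming-weight leakage plus Gaussian noise) are constructed for the demo and are not a real NTRU parameter set.

```python
import random
from statistics import mean

# Constructed toy parameters, not a real NTRU parameter set.
N, Q = 11, 2048


def hw(x):
    """Hamming weight, the assumed leakage model."""
    return bin(x).count("1")


def gen_ternary_key(rng, n=N):
    """Private key f with coefficients in {-1, 0, 1}, as in NTRU."""
    return [rng.choice((-1, 0, 1)) for _ in range(n)]


def leaky_decrypt_step(f, e0, rng, noise_sd):
    """One pass over the key for ciphertext coefficient e0.

    Hypothetical protected device: every operation adds the same per-trace
    mask r (assumption for the demo), and the power trace leaks the Hamming
    weight of the masked intermediate plus Gaussian noise. Returns one
    leakage sample per key position, i.e. one 'trace'.
    """
    r = rng.randrange(Q)
    return [hw((e0 * fk + r) % Q) + rng.gauss(0, noise_sd) for fk in f]


def collect_traces(f, n_traces, rng, noise_sd=0.3):
    """Attacker-side acquisition: random ciphertext coefficients, no padding
    needed, since the leaking operation runs before any padding check."""
    return [leaky_decrypt_step(f, rng.randrange(Q), rng, noise_sd)
            for _ in range(n_traces)]


def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def collision_matrix(traces):
    """Correlate leakage at time a with leakage at time b across all traces.
    Equal key coefficients give identical masked intermediates in every
    trace, hence correlation near 1; unequal ones give near 0."""
    n = len(traces[0])
    cols = [[t[k] for t in traces] for k in range(n)]
    return [[pearson(cols[a], cols[b]) for b in range(n)] for a in range(n)]


def recover_classes(traces, threshold=0.8):
    """Group key positions whose leakage collides (union-find over pairs
    above the correlation threshold). Returns sorted classes of indices."""
    n = len(traces[0])
    corr = collision_matrix(traces)
    parent = list(range(n))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for a in range(n):
        for b in range(a + 1, n):
            if corr[a][b] > threshold:
                parent[find(a)] = find(b)
    groups = {}
    for i in range(n):
        groups.setdefault(find(i), []).append(i)
    return sorted(sorted(g) for g in groups.values())


def key_classes(f):
    """Ground truth: positions grouped by coefficient value."""
    groups = {}
    for i, v in enumerate(f):
        groups.setdefault(v, []).append(i)
    return sorted(sorted(g) for g in groups.values())


def run_demo(seed=1, n_traces=2000, noise_sd=0.3):
    rng = random.Random(seed)
    f = gen_ternary_key(rng)
    traces = collect_traces(f, n_traces, rng, noise_sd)
    return f, recover_classes(traces), key_classes(f)


if __name__ == "__main__":
    f, recovered, truth = run_demo()
    print("key      :", f)
    print("recovered:", recovered)
    print("truth    :", truth, "match" if recovered == truth else "MISMATCH")
```

The recovered partition leaves only the assignment of the three classes to the values -1, 0 and 1 unknown, which is a handful of candidates for the whole key. Note what the mask did and did not do: it randomises every intermediate, so a classical first-order DPA on a single time point sees uniform values, yet two operations protected by the same mask still collide whenever their unmasked inputs are equal. A countermeasure that stops this class of attack has to break the equality itself, for instance by using an independent mask per operation or by randomising the order in which the coefficients are processed so the attacker cannot pair time points with key positions.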

[1] William Whyte et al. Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches. ACNS, 2009.

[2] Jasper G. J. van Woudenberg et al. Defeating RSA Multiply-Always and Message Blinding Countermeasures. CT-RSA, 2011.

[3] Thomas Eisenbarth et al. Correlation-Enhanced Power Analysis Collision Attack. CHES, 2010.

[4] Christof Paar et al. A New Class of Collision Attacks and Its Application to DES. FSE, 2003.

[5] Ari Renvall et al. A wrap error attack against NTRUEncrypt. Discrete Applied Mathematics, 2006.

[6] David Pointcheval et al. Analysis and Improvements of NTRU Encryption Paddings. CRYPTO, 2002.

[7] Antoine Joux et al. A Chosen-Ciphertext Attack against NTRU. CRYPTO, 2000.

[8] Siva Sai Yerubandi et al. Differential Power Analysis. 2002.

[9] Joseph H. Silverman et al. NTRU: A Ring-Based Public Key Cryptosystem. ANTS, 1998.

[10] Nick Howgrave-Graham et al. A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU. CRYPTO, 2007.

[11] Dooho Choi et al. Countermeasures against Power Analysis Attacks for the NTRU Public Key Cryptosystem. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2010.

[12] Joseph H. Silverman et al. Optimizations for NTRU. 2001.

[13] Andrey Bogdanov et al. Multiple-Differential Side-Channel Collision Attacks on AES. CHES, 2008.

[14] Adi Shamir et al. Lattice Attacks on NTRU. EUROCRYPT, 1997.

[15] Christophe Clavier et al. Improved Collision-Correlation Power Analysis on First Order Protected AES. CHES, 2011.

[16] Andrey Bogdanov et al. Improved Side-Channel Collision Attacks on AES. Selected Areas in Cryptography, 2007.

[17] William Whyte et al. Choosing Parameter Sets for NTRUEncrypt with NAEP and SVES-3. IACR Cryptology ePrint Archive, 2005.

[18] Joseph H. Silverman et al. NTRU in Constrained Devices. CHES, 2001.

[19] Joseph H. Silverman et al. Dimension Reduction Methods for Convolution Modular Lattices. CaLC, 2001.

[20] Nicolas Gama et al. Symplectic Lattice Reduction and NTRU. EUROCRYPT, 2006.

[21] Ingrid Verbauwhede et al. Power analysis on NTRU implementations for RFIDs: First results. 2008.

[22] Nicolas Gama et al. New Chosen-Ciphertext Attacks on NTRU. Public Key Cryptography, 2007.

[23] David Pointcheval et al. The Impact of Decryption Failures on the Security of NTRU Encryption. CRYPTO, 2003.

[24] Daniele Micciancio et al. Inapproximability of the Shortest Vector Problem: Toward a Deterministic Reduction. Theory of Computing, 2012.