tailieunhanh - Lectures on the NTRU encryption algorithm and digital signature scheme

Lattices have been studied by cryptographers for quite some time, in both the field of cryptanalysis and as a source of hard problems on which to build encryption schemes. In this lecture, we describe the NTRU encryption algorithm, and the lattice problems on which this is based. | Lectures on the NTRU encryption algorithm and digital signature scheme Grenoble June 2002 J. Pipher Brown University Providence RI 02912 1 Lecture 1 Integer lattices Lattices have been studied by cryptographers for quite some time in both the field of cryptanalysis see for example 16-18 and as a source of hard problems on which to build encryption schemes see 1 8 9 . In this lecture we describe the NTRU encryption algorithm and the lattice problems on which this is based. We begin with some definitions and a brief overview of lattices. If ai a2 . an are n independent vectors in Rm n m then the integer lattice with these vectors as basis is the set L 52n xiai xi 2 Zg. A lattice is often represented as matrix A whose rows are the basis vectors a1 . a . The elements of the lattice are simply the vectors of the form vTA which denotes the usual matrix multiplication. We will specialize for now to the situation when the rank of the lattice and the dimension are the same n m . The determinant of a lattice det L is the volume of the fundamental parallelepiped spanned by the basis vectors. By the Gram-Schmidt process one can obtain a basis for the vector space generated by L and the det L will just be the product of these orthogonal vectors. Note that these vectors are not a basis for L as a lattice since L will not usually possess an orthogonal basis. The two fundamental problems in the theory of integer lattices are the shortest vector problem SVP and the more general closest vector problem CVP . Roughly speaking both of these problems are concerned with finding the most efficient basis of the lattice - a basis consisting of vectors which are as short and as orthogonal as possible. Specifically if v is a vector in the lattice let v denote a norm on v typically the sup norm maxvi or the Euclidean norm Ự52 v2. Given a basis A for a lattice L the shortest vector problem is that of finding a nonzero vector in L with minimum norm. Given an arbitrary target vector v in Z .

• An ninh - Bảo mật
• NTRU encryption algorithm
• Digital signature scheme
• Lectures on the NTRU encryption algorithm
• The NTRU encryption algorithm
• Some basic NTRU security issues
• NTRU Encryption algorithm