Joseph H. Silverman
Fully Homomorphic Encryption from the Finite Field Isomorphism Problem
If q is a prime and n is a positive integer then any two finite fields of order $$q^n$$ are isomorphic. Elements of these fields can be thought of as polynomials with coefficients chosen modulo q, and a notion of length can be associated to these polynomials. A non-trivial isomorphism between the fields, in general, does not preserve this length, and a short element in one field will usually have an image in the other field with coefficients appearing to be randomly and uniformly distributed modulo q. This key feature allows us to create a new family of cryptographic constructions based on the difficulty of recovering a secret isomorphism between two finite fields. In this paper we describe a fully homomorphic encryption scheme based on this new hard problem.
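The length-scrambling property in the abstract can be seen on a toy instance. The Python below is an added illustration, not code from the paper: it builds X = GF(q)[x]/(f(x)) with q = n = 13 and f = x^13 - x - 1 (an Artin-Schreier polynomial, hence irreducible), picks a random psi(x) to define the secret map y -> psi(x), derives the second modulus F(y) as the minimal polynomial of psi(x) over GF(q) by linear algebra, and solves for the inverse map x -> phi(y). The parameter choice, the way F is derived, and the short test element are assumptions made here for illustration; the paper's own parameters and key generation are not reproduced.

```python
"""Toy finite field isomorphism instance (added illustration, not the paper's code).

X = GF(q)[x]/(f(x)) and Y = GF(q)[y]/(F(y)) are both GF(q^n).  The secret map
Y -> X is y |-> psi(x); F is then the minimal polynomial of psi(x) over GF(q), and
the inverse map X -> Y is x |-> phi(y) with phi(psi(x)) = x mod f.
Parameters, the polynomial f and the short test element are chosen here for
illustration only.  Polynomials are coefficient lists, lowest degree first.
"""
import random

q = 13   # prime field size (illustrative choice)
n = 13   # extension degree; prime, so every non-constant element generates GF(q^n)
# f(x) = x^13 - x - 1: an Artin-Schreier polynomial x^p - x - a (a != 0), irreducible over GF(p)
f = [(-1) % q, (-1) % q] + [0] * (n - 2) + [1]


def poly_mulmod(a, b, mod, q):
    """Product of a and b reduced modulo the monic polynomial mod and modulo q."""
    deg = len(mod) - 1
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                prod[i + j] = (prod[i + j] + ai * bj) % q
    for d in range(len(prod) - 1, deg - 1, -1):      # clear degrees >= deg, top down
        c = prod[d]
        if c:
            for k in range(deg + 1):
                prod[d - deg + k] = (prod[d - deg + k] - c * mod[k]) % q
    return (prod + [0] * deg)[:deg]


def eval_in_field(a, elem, mod, q):
    """Horner evaluation of polynomial a at the field element elem of GF(q)[t]/(mod)."""
    acc = [0] * (len(mod) - 1)
    for coeff in reversed(a):
        acc = poly_mulmod(acc, elem, mod, q)
        acc[0] = (acc[0] + coeff) % q
    return acc


def solve_mod_q(M, b, q):
    """Solve M c = b over GF(q) by Gauss-Jordan elimination; M must be invertible."""
    m = len(M)
    A = [row[:] + [b[i]] for i, row in enumerate(M)]
    for col in range(m):
        piv = next((r for r in range(col, m) if A[r][col]), None)
        if piv is None:
            raise ValueError("singular system: psi does not generate the field")
        A[col], A[piv] = A[piv], A[col]
        inv = pow(A[col][col], -1, q)
        A[col] = [(v * inv) % q for v in A[col]]
        for r in range(m):
            if r != col and A[r][col]:
                fac = A[r][col]
                A[r] = [(vr - fac * vc) % q for vr, vc in zip(A[r], A[col])]
    return [A[i][m] for i in range(m)]


def keygen(seed=1):
    """Secret psi (y -> psi(x)), the modulus F(y) of the second field, and inverse map phi (x -> phi(y))."""
    rng = random.Random(seed)
    psi = [rng.randrange(q) for _ in range(n)]
    powers = [[1] + [0] * (n - 1)]                    # psi^0, psi^1, ..., psi^n in X
    for _ in range(n):
        powers.append(poly_mulmod(powers[-1], psi, f, q))
    M = [[powers[j][i] for j in range(n)] for i in range(n)]   # columns psi^0..psi^(n-1)
    # minimal polynomial: psi^n + sum c_i psi^i = 0  ->  F(y) = y^n + sum c_i y^i
    c = solve_mod_q(M, [(-v) % q for v in powers[n]], q)
    F = c + [1]
    # inverse map: express x as phi(psi(x)) with deg phi < n
    phi = solve_mod_q(M, [0, 1] + [0] * (n - 2), q)
    return psi, F, phi


def to_X(a, psi):
    """Image in X of a(y) in Y: a(psi(x)) mod f."""
    return eval_in_field(a, psi, f, q)


def to_Y(b, phi, F):
    """Image in Y of b(x) in X: b(phi(y)) mod F."""
    return eval_in_field(b, phi, F, q)


def max_abs_centered(v):
    """Largest |coefficient| after lifting each coefficient to (-q/2, q/2]."""
    return max(abs(c - q if c > q // 2 else c) for c in v)


# constructed short element of Y with coefficients in {-1, 0, 1}
SHORT = [c % q for c in [1, -1, 0, 1, 0, 0, -1, 1, 0, 0, 1, -1, 0]]

if __name__ == "__main__":
    psi, F, phi = keygen()
    image = to_X(SHORT, psi)
    print("short a(y), max |coeff| =", max_abs_centered(SHORT))
    print("image a(psi(x)) mod f  =", image, "max |coeff| =", max_abs_centered(image))
    print("round trip recovers a  :", to_Y(image, phi, F) == SHORT)
```

Running it shows a {-1, 0, 1} element of Y landing on an element of X whose coefficients look uniform mod 13, while the round trip through phi recovers the original; because the map is a ring isomorphism, products taken mod F in Y agree with products of the images taken mod f in X, which is the property a homomorphic scheme built on this problem relies on.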
IEEE P1363.1 Draft 10: Draft Standard for Public Key Cryptographic Techniques Based on Hard Problems over Lattices
Engineering specifications and security considerations for NTRUEncrypt, secure against the lattice attacks presented at Crypto 2007
Choosing Parameter Sets for NTRUEncrypt with NAEP and SVES-3
We present, for the first time, an algorithm to choose parameter sets for NTRUEncrypt that give a desired level of security. Note: This is an expanded version of a paper presented at CT-RSA 2005.
Performance Improvements and a Baseline Parameter Generation Algorithm for NTRUSign
The original presentation of the NTRUSign signature scheme gave a set of parameters that were claimed to give 80 bits of security, but did not give a general recipe for generating parameter sets to a specific level of security. In line with recent research on NTRUEncrypt, this paper presents an outline of such a recipe for NTRUSign. We also present certain technical advances upon which we intend to build in subsequent papers.
Modified Parameter Attacks: Practical Attacks against CCA2 Secure Cryptosystems and Countermeasures
We introduce the concept of Modified Parameter Attacks, a natural extension of the idea of Adaptive Chosen Ciphertext Attacks (CCA2) under which some CCA2 secure systems can be shown to be insecure. These insecurities can be addressed at the application level, but can also be addressed when cryptographic schemes are being designed. We survey some existing CCA2 secure systems which are vulnerable to this attack and suggest practical countermeasures.
NAEP: Provable Security in the Presence of Decryption Failures
We consider the impact of the possibility of decryption failures in proofs of security for padding schemes, where these failures are both message and key dependent. We explain that an average case failure analysis is not necessarily sufficient to achieve provable security with existing CCA2-secure schemes. On a positive note, we introduce NAEP, an efficient padding scheme similar to PSS-E designed especially for the NTRU one-way function. We show that with this padding scheme we can prove security in the presence of decryption failures, under certain explicitly stated assumptions. We also discuss the applicability of proofs of security to instantiated cryptosystems in general, introducing a more practical notion of cost to describe the power of an adversary.
- CHES 2004
- CHES 2002
- CHES 2001
- CHES 2000
- Daniel V. Bailey (1)
- Daniel Coffin (1)
- Yarkin Doröz (1)
- Adam J. Elbirt (1)
- Phil Hirschhorn (1)
- Jeffrey Hoffstein (8)
- Nick Howgrave-Graham (6)
- Phong Q. Nguyen (1)
- Jill Pipher (7)
- David Pointcheval (1)
- John Proos (1)
- John M. Schanck (3)
- Ari Singer (3)
- Berk Sunar (1)
- Joe Suzuki (1)
- William Whyte (10)
- Adam D. Woodbury (1)
- Zhenfei Zhang (3)