High-speed key encapsulation from NTRU

A. Hülsing; J. Rijneveld; J. Schanck; P. Schwabe

doi:10.1007/978-3-319-66787-4_12

High-speed key encapsulation from NTRU

A. Hülsing, J. Rijneveld, J. Schanck, P. Schwabe

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Citations (Scopus)

Abstract

This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307 914 cycles for the generation of a keypair, 48 646 for encapsulation, and 67 338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.

Original language	English
Title of host publication	Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings
Publisher	Springer
Pages	232-252
Number of pages	21
ISBN (Print)	9783319667867
DOIs	https://doi.org/10.1007/978-3-319-66787-4_12
Publication status	Published - 2017
Event	19th International Conference on Cryptographic Hardware and Embedded Systems, (CHES 2017) - Taipei, Taiwan Duration: 25 Sep 2017 → 28 Sep 2017 https://ches.iacr.org/2017/

Publication series

Name	Lecture Notes in Computer Science
Volume	10529
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Cryptographic Hardware and Embedded Systems, (CHES 2017)
Abbreviated title	CHES2017
Country	Taiwan
City	Taipei
Period	25/09/17 → 28/09/17
Internet address	https://ches.iacr.org/2017/

Keywords

AVX2
CCA2-secure KEM
Lattice-based crypto
NTRU
Post-quantum crypto
QROM

Access to Document

10.1007/978-3-319-66787-4_12

Fingerprint Dive into the research topics of 'High-speed key encapsulation from NTRU'. Together they form a unique fingerprint.

Cite this

Hülsing, A., Rijneveld, J., Schanck, J., & Schwabe, P. (2017). High-speed key encapsulation from NTRU. In Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings (pp. 232-252). (Lecture Notes in Computer Science; Vol. 10529). Springer. https://doi.org/10.1007/978-3-319-66787-4_12

@inproceedings{fec592167b1a46c591c857927e83e536,

title = "High-speed key encapsulation from NTRU",

abstract = "This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307 914 cycles for the generation of a keypair, 48 646 for encapsulation, and 67 338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.",

keywords = "AVX2, CCA2-secure KEM, Lattice-based crypto, NTRU, Post-quantum crypto, QROM",

author = "A. H{\"u}lsing and J. Rijneveld and J. Schanck and P. Schwabe",

year = "2017",

doi = "10.1007/978-3-319-66787-4_12",

language = "English",

isbn = "9783319667867",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "232--252",

booktitle = "Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings",

address = "Germany",

note = "19th International Conference on Cryptographic Hardware and Embedded Systems, (CHES 2017), CHES2017 ; Conference date: 25-09-2017 Through 28-09-2017",

url = "https://ches.iacr.org/2017/",

}

Hülsing, A, Rijneveld, J, Schanck, J & Schwabe, P 2017, High-speed key encapsulation from NTRU. in Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings. Lecture Notes in Computer Science, vol. 10529, Springer, pp. 232-252, 19th International Conference on Cryptographic Hardware and Embedded Systems, (CHES 2017), Taipei, Taiwan, 25/09/17. https://doi.org/10.1007/978-3-319-66787-4_12

High-speed key encapsulation from NTRU. / Hülsing, A.; Rijneveld, J.; Schanck, J.; Schwabe, P.

Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings. Springer, 2017. p. 232-252 (Lecture Notes in Computer Science; Vol. 10529).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - High-speed key encapsulation from NTRU

AU - Hülsing, A.

AU - Rijneveld, J.

AU - Schanck, J.

AU - Schwabe, P.

PY - 2017

Y1 - 2017

N2 - This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307 914 cycles for the generation of a keypair, 48 646 for encapsulation, and 67 338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.

AB - This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307 914 cycles for the generation of a keypair, 48 646 for encapsulation, and 67 338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.

KW - AVX2

KW - CCA2-secure KEM

KW - Lattice-based crypto

KW - NTRU

KW - Post-quantum crypto

KW - QROM

UR - http://www.scopus.com/inward/record.url?scp=85030845581&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-66787-4_12

DO - 10.1007/978-3-319-66787-4_12

M3 - Conference contribution

AN - SCOPUS:85030845581

SN - 9783319667867

T3 - Lecture Notes in Computer Science

SP - 232

EP - 252

BT - Cryptographic Hardware and Embedded Systems – CHES 2017 - 19th International Conference, Proceedings

PB - Springer

T2 - 19th International Conference on Cryptographic Hardware and Embedded Systems, (CHES 2017)

Y2 - 25 September 2017 through 28 September 2017

ER -