Research on PKI Model Based on NTRU - ACM Digital Library

International Symposium on Electronic Commerce and Security

Research on PKI Model Based on NTRU

Shimin Wei and Zepeng Zhuo
College of Computer Science and Technique, Huaibei Coal Normal University, Huaibei 235000, Anhui, China
[email protected]

978-0-7695-3258-5/08 $25.00 © 2008 IEEE DOI 10.1109/ISECS.2008.119

Abstract

With the development of computer networks, the demands on network security are growing. PKI is a popular technology for information security. A PKI model based on NTRU is proposed, and the characteristics of this model are then analyzed to validate its practicality.

1. Introduction

A Public Key Infrastructure (PKI) provides practical use of the public key cryptography proposed by Diffie and Hellman. Entities register for the services of the PKI in order to achieve security goals such as authenticity and confidentiality using digital signatures and encryption. A PKI is usually composed of two components, namely the Registration Authority (RA) and the Certification Authority (CA). The task of the RA is to register an end-user in the PKI by examining its credentials. This user may or may not already possess a key pair. In the first case, the public key is provided by the user to the RA during registration and forwarded to the CA, which issues the certificate. In the second case, the key pair is produced by the CA and, together with the issued certificate, delivered to the user. In either case, the CA has to guarantee that the certificate is finally issued for the user that owns the corresponding private key.

The NTRU cryptosystem was first presented by Hoffstein, Pipher and Silverman in 1996 (see [1] for details). It is a ring-based cryptosystem operating in the polynomial ring R=Z[x]/(x^N−1), where N is the security parameter. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. NTRU has received considerable attention because of its encryption and decryption speed and the ease of creating public key/secret key pairs, which makes it practical to change keys frequently. NTRUSign is a new family of signature schemes based on solving the approximate closest vector problem in NTRU-type lattices.

The paper is organized as follows. In section 2 we give a short summary of the optimized NTRU cryptosystem. Section 3 describes NTRUSign. In section 4 we propose the model of PKI based on the optimized NTRU and NTRUSign. The features of this model are analyzed in section 5. Section 6 is the conclusion.

2. Description of the optimized NTRU cryptosystem

We briefly recall the optimized NTRU system [2] (see [2, 3] for details). Let N be an odd prime. We will be working over the ring R=Z[x]/(x^N−1). The ring R is identified with the set of integer polynomials of degree less than N. Multiplication in R is denoted by ∗. We set p=x+2∈R, and fix a positive integer q relatively prime to p. An element F∈R will be written as a polynomial or a vector,

$$F = \sum_{i=0}^{N-1} F_i x^i = [F_0, F_1, \ldots, F_{N-1}].$$

This multiplication is given explicitly as a cyclic convolution product, F∗G=H=[H_0, H_1, …, H_{N−1}], with

$$H_k = \sum_{i=0}^{k} F_i G_{k-i} + \sum_{i=k+1}^{N-1} F_i G_{N+k-i} = \sum_{i+j \equiv k \pmod{N}} F_i G_j .$$

2.1. Key generation

Choose random polynomials F, g∈R with small coefficients and set f=1+pF. Compute the polynomials f=1+p∗F, f^{−1} satisfying f∗f^{−1}≡1 (mod q), and h≡p∗g∗f^{−1} (mod q). The public key is h and the private key is f.

2.2. Encryption

The plaintext m is a polynomial with coefficients taken mod p. Choose a random polynomial r with small coefficients. The ciphertext is e≡r∗h+m (mod q).
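The following is an added example, not code from the paper: it implements the cyclic convolution in both forms given above, the key generation of section 2.1 and the encryption of section 2.2, and checks the identity e∗f ≡ p∗r∗g + m∗f (mod q) that the first decryption step a≡e∗f (mod q) of section 2.3 relies on. The toy parameters N=7 and q=31, the sample polynomials and all function names are assumptions chosen for illustration.

```python
# Toy parameters (assumption): N = 7 and prime q = 31 are far too small to be secure.
Q = 31
P = [2, 1, 0, 0, 0, 0, 0]    # p = x + 2 as the vector [p_0, ..., p_{N-1}]

def conv(F, G, q=None):
    """Split sums: H_k = sum_{i<=k} F_i G_{k-i} + sum_{i>k} F_i G_{N+k-i}."""
    n = len(F)
    H = [sum(F[i] * G[k - i] for i in range(k + 1)) +
         sum(F[i] * G[n + k - i] for i in range(k + 1, n)) for k in range(n)]
    return [c % q for c in H] if q else H

def conv_by_index(F, G):
    """Same product written as one sum over all i + j ≡ k (mod N)."""
    n = len(F)
    return [sum(F[i] * G[j] for i in range(n) for j in range(n) if (i + j) % n == k)
            for k in range(n)]

def inverse_mod_q(f, q):
    """Inverse of f in (Z/q)[x]/(x^N - 1) for prime q, by Gauss-Jordan on f*u = 1."""
    n = len(f)
    rows = [[f[(k - j) % n] % q for j in range(n)] + [int(k == 0)] for k in range(n)]
    for col in range(n):
        piv = next((r for r in range(col, n) if rows[r][col]), None)
        if piv is None:
            raise ValueError("f is not invertible mod q; choose another F")
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, q)
        rows[col] = [v * inv % q for v in rows[col]]
        for r in range(n):
            if r != col and rows[r][col]:
                c = rows[r][col]
                rows[r] = [(x - c * y) % q for x, y in zip(rows[r], rows[col])]
    return [row[n] for row in rows]

def keygen(F, g):
    """f = 1 + p*F and h = p*g*f^-1 (mod q); returns (private f, public h)."""
    f = conv(P, F)
    f[0] += 1
    return f, conv(conv(P, g), inverse_mod_q(f, Q), Q)

def encrypt(m, r, h):
    """e = r*h + m (mod q)."""
    return [(c + mi) % Q for c, mi in zip(conv(r, h), m)]

F, g = [1, 0, -1, 0, 1, 0, 0], [0, 1, 1, 0, -1, 0, -1]   # constructed small polynomials
m, r = [1, 0, 1, 1, 0, 0, 1], [1, -1, 0, 0, 1, 0, 0]     # constructed message and random r
f, h = keygen(F, g)
a = conv(encrypt(m, r, h), f, Q)                         # first decryption step a = e*f (mod q)
rhs = [(u + v) % Q for u, v in zip(conv(conv(P, r), g), conv(m, f))]
print("f =", f, "h =", h, "a == p*r*g + m*f (mod q):", a == rhs)
```

Because h∗f ≡ p∗g (mod q), the private key f cancels the inverse hidden in the public key, which is why multiplying the ciphertext by f leaves only terms built from small polynomials.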

2.3. Decryption

Compute a≡e∗f (mod q). Choosing the coefficients of a to satisfy A≤ai

The signer next computes s and t as s≡f∗B+F∗b (mod q), t≡g∗B+G∗b (mod q).
