Fault Analysis of the NTRUEncrypt Cryptosystem

概要

論文の詳細を見る
In this paper, we present a fault analysis of the original NTRU public key cryptosystem. The fault model in which we analyze the cipher is the one in which the attacker is assumed to be able to fault a small number of coefficients of the polynomial input to (or output from) the second step of the decryption process but cannot control the exact location of injected faults. For this specific original instantiation of the NTRU encryption system with parameters (N,p,q), our attack succeeds with probability ≈ 1 - 1/p and when the number of faulted coefficients is upper bounded by t, it requires O((pN)t) polynomial inversions in Z/pZ[x]/(xN - 1).