Anyone familiar with ntru?

Dean Povey povey at dstc.qut.edu.au
Wed Jan 9 17:41:17 EST 2002


>And the communication given at the rump session of Crypto 2001.
>Back there an attack and a fix were simultaneously presented.
>I couldn't find nor remember the details, see
>http://www.ntru.com/technology/tech.scrutiny.htm for some more
>info.

Without having the opportunity to have a really good look at NTRU, the
basic deal is that the NSS algorithm (including some of the fixes) is
pretty much completely broken.  There was a good paper on the break given
at Asiacrypt 2001.  NTRU seems to have admitted defeat and basically
chucked away the whole NSS design and started again and are now using
something called NTRUSign. None of the attacks on NSS were attacks on the
underlying hard problem though, so NTRUSign may survive. But it kind of
makes you nervous.
-- 
Dean Povey,              |em: dpovey at wedgetail.com|  JCSI: Java security toolkit
Senior S/W Developer     |ph:  +61 7 3864 5120    | uPKI: Embedded/C PKI toolkit
Wedgetail Communications |fax: +61 7 3864 1282    |       uASN.1: ASN.1 Compiler
Brisbane, Australia      |www: www.wedgetail.com  | XML Security: XML Signatures 





---------------------------------------------------------------------
The Cryptography Mailing List