Ntru suffers 'chosen ciphertext attack'

Ian Grigg iang at systemics.com
Tue Jun 3 08:45:32 EDT 2003 

Ntru gets into trouble when their proprietary
crypto hits a security bug...

    "The technology was perceived to be better, but it's not good enough to
    overcome the objection that no one gets fired for buying RSA [Security
    Inc.products]," said one person close to Ntru.

:-)  Apropos to the roll-your-own debate.

iang

-------- Original Message --------
http://www.eweek.com/print_article/0,3668,a=42686,00.asp
June 2, 2003 
Crypto Maker Changes Course
By Dennis Fisher

New leadership at security developer Ntru CryptoSystems Inc. is hoping a new 
services and consulting strategy will help mitigate the damage caused by 
problems with the company's core encryption algorithm. Once one of the premier 
cryptography companies in the United States, Ntru in the past six months has 
undergone a nearly complete face lift, replacing its CEO, moving away from its 
main business of licensing its cryptographic algorithms, slashing its staff by 
a third and placing many of the remaining employees on part-time status.

The changes at Ntru stem from issues surrounding the company's main 
intellectual property, the NtruEncrypt algorithm. The algorithm is the heart of 
the company's Neo security tool kit line and is the basis for the Ntru public-
key cryptosystem. Last fall, the company discovered there were problems with 
the parameters it had been recommending to customers to improve bandwidth when 
using the algorithm. Specifically, the problems caused random messages to fail 
to decrypt.


As a result, someone could mount what's known as a chosen ciphertext attack, 
which gleans small amounts of information from each failed decryption. Over 
time, the attacker would be able to amass enough data to decrypt an entire 
message, which would call into question the security of every other message 
encrypted using that key.

Although Ntru discovered the problem with the algorithm on its own, several 
groups of security researchers found the same weakness at roughly the same time 
and notified the company.

The problem was an obscure one-affecting just one in 1 trillion messages-but it 
was serious enough to compel Ntru to disclose it to all its customers and 
partners while the company's engineers began working on a new tool kit. Ntru 
executives maintain the problems didn't cost them any customers, and several 
customers contacted by eWEEK refused to comment on the issue. But, 
unfortunately for Ntru, the security community tends to have a long memory when 
it comes to such issues.

Ntru's Shrinking Partnerships


Advanced semiconductor designer
Secure Internet media delivery
Contactless security technology maker
Internet security products vendor
Maker of smart cards, smart-card operating systems
Smart-card industry group
Worldwide electronics manufacturer
Signal processing technology vendor

 
 
"The technology was perceived to be better, but it's not good enough to 
overcome the objection that no one gets fired for buying RSA [Security 
Inc.products]," said one person close to Ntru.

"We got a new tool kit out, and we've written some papers on this problem," 
said William Whyte, director of cryptographic research and development at Ntru, 
based in Burlington, Mass. "I think everyone understands that this is how 
things go. We're working on new parameters, and now we have provable security."

But, as the furor surrounding the algorithm problems began to subside this 
spring, Ntru executives decided to refocus the company's efforts on its nascent 
consulting business. That decision led to a round of layoffs in February that 
slashed the company's payroll to 20-and left many of the remaining employees as 
part-timers.

One high-level casualty of the reorganization at the same time was Scott 
Crenshaw, the former CEO who had been asked to take a diminished role earlier 
in the year. Crenshaw left Ntru and is now attending graduate school at the 
Massachusetts Institute of Technology.

"We looked at the financial picture and found that the skill set we had was 
geared toward getting our [intellectual property] licensed," said Ed King, 
Ntru's former vice president of sales, who is now the company's general 
manager. "But we needed to get more consulting. The layoffs were a one-time 
deal in my mind. By no means are we de-emphasizing the Ntru [intellectual 
property]."

Much of the consulting work at this point is in the form of custom 
cryptographic algorithm development and security audits. But Ntru is also doing 
work with Microsoft Corp., sources said, which could turn into a larger project.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list