Ntru suffers 'chosen ciphertext attack'
Ian Grigg
iang at systemics.com
Tue Jun 3 08:45:32 EDT 2003
Ntru gets into trouble when their proprietary
crypto hits a security bug...
"The technology was perceived to be better, but it's not good enough to
overcome the objection that no one gets fired for buying RSA [Security
Inc.products]," said one person close to Ntru.
:-) Apropos to the roll-your-own debate.
iang
-------- Original Message --------
http://www.eweek.com/print_article/0,3668,a=42686,00.asp
June 2, 2003
Crypto Maker Changes Course
By Dennis Fisher
New leadership at security developer Ntru CryptoSystems Inc. is hoping a new
services and consulting strategy will help mitigate the damage caused by
problems with the company's core encryption algorithm. Once one of the premier
cryptography companies in the United States, Ntru in the past six months has
undergone a nearly complete face lift, replacing its CEO, moving away from its
main business of licensing its cryptographic algorithms, slashing its staff by
a third and placing many of the remaining employees on part-time status.
The changes at Ntru stem from issues surrounding the company's main
intellectual property, the NtruEncrypt algorithm. The algorithm is the heart of
the company's Neo security tool kit line and is the basis for the Ntru public-
key cryptosystem. Last fall, the company discovered there were problems with
the parameters it had been recommending to customers to improve bandwidth when
using the algorithm. Specifically, the problems caused random messages to fail
to decrypt.
As a result, someone could mount what's known as a chosen ciphertext attack,
which gleans small amounts of information from each failed decryption. Over
time, the attacker would be able to amass enough data to decrypt an entire
message, which would call into question the security of every other message
encrypted using that key.
Although Ntru discovered the problem with the algorithm on its own, several
groups of security researchers found the same weakness at roughly the same time
and notified the company.
The problem was an obscure one-affecting just one in 1 trillion messages-but it
was serious enough to compel Ntru to disclose it to all its customers and
partners while the company's engineers began working on a new tool kit. Ntru
executives maintain the problems didn't cost them any customers, and several
customers contacted by eWEEK refused to comment on the issue. But,
unfortunately for Ntru, the security community tends to have a long memory when
it comes to such issues.
Ntru's Shrinking Partnerships
Advanced semiconductor designer
Secure Internet media delivery
Contactless security technology maker
Internet security products vendor
Maker of smart cards, smart-card operating systems
Smart-card industry group
Worldwide electronics manufacturer
Signal processing technology vendor
"The technology was perceived to be better, but it's not good enough to
overcome the objection that no one gets fired for buying RSA [Security
Inc.products]," said one person close to Ntru.
"We got a new tool kit out, and we've written some papers on this problem,"
said William Whyte, director of cryptographic research and development at Ntru,
based in Burlington, Mass. "I think everyone understands that this is how
things go. We're working on new parameters, and now we have provable security."
But, as the furor surrounding the algorithm problems began to subside this
spring, Ntru executives decided to refocus the company's efforts on its nascent
consulting business. That decision led to a round of layoffs in February that
slashed the company's payroll to 20-and left many of the remaining employees as
part-timers.
One high-level casualty of the reorganization at the same time was Scott
Crenshaw, the former CEO who had been asked to take a diminished role earlier
in the year. Crenshaw left Ntru and is now attending graduate school at the
Massachusetts Institute of Technology.
"We looked at the financial picture and found that the skill set we had was
geared toward getting our [intellectual property] licensed," said Ed King,
Ntru's former vice president of sales, who is now the company's general
manager. "But we needed to get more consulting. The layoffs were a one-time
deal in my mind. By no means are we de-emphasizing the Ntru [intellectual
property]."
Much of the consulting work at this point is in the form of custom
cryptographic algorithm development and security audits. But Ntru is also doing
work with Microsoft Corp., sources said, which could turn into a larger project.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list