(I've also posted this message to sci.crypt) Hi list,
NTRU Cryptosystems has posted several new documents, which are avaible through http://www.ntru.com/cryptolab/params.htm. As background: recent results on NTRUEncrypt have shown that decryption failures on validly encrypted messages leak information that eventually allows an attacker to recover the private key. The results do not affect the known difficulty of the underlying class of lattice problems; however, they show that care must be taken in choosing parameters to ensure that decryption failures occur with negligible or zero probability, even in the presence of an adversary who is actively trying to cause such failures. NTRU Cryptosystems is proposing slightly altered parameter sets which decrease the probability of average-case decryption failures, and a padding scheme which ensures that an attacker cannot increase the probability of decryption failures above this average-case probability. The new documents analyze the strength of the new parameter sets against all known attacks on NTRU (lattice-based, meet-in-the- middle, and decryption failure based) and show that for N=251 we comfortably achieve 2^80 security against all of these attacks. We also provide the first ever full proof of security to be presented for NTRUEncrypt. If anyone has any questions, I'll be happy to answer them. Cheers, William =================================== William Whyte Director, Cryptographic R&D NTRU Cryptosystems 5 Burlington Woods Burlington, MA 01803 tel: +1.781.418.2500 fax: +1.781.418.2532 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]