Document Zbl 1127.94014 - zbMATH Open
New chosen-ciphertext attacks on NTRU. (English) Zbl 1127.94014
Okamoto, Tatsuaki (ed.) et al., Public key cryptography – PKC 2007. 10th international conference on practice and theory in public-key cryptography, Beijing, China, April 16–20, 2007. Proceedings. Berlin: Springer (ISBN 978-3-540-71676-1/pbk). Lecture Notes in Computer Science 4450, 89-106 (2007).
Summary: We present new and efficient key-recovery chosen-ciphertext attacks on NTRUencrypt. Our attacks are somewhat intermediate between chosen-ciphertext attacks on NTRUencrypt previously published at CRYPTO ’00 [É. Jaulmes and A. Joux, Adv. Cryptology – CRYPTO 2000, Lect. Notes Comput. Sci. 1880, 20–35 (2000; Zbl 0995.94525)] and CRYPTO ’03 [N. Howgrave-Graham et al., Lect. Notes Comput. Sci. 2729, 226–246 (2003; Zbl 1122.94377)]. Namely, the attacks only work in the presence of decryption failures; we only submit valid ciphertexts to the decryption oracle, where the plaintexts are chosen uniformly at random; and the number of oracle queries is small. Interestingly, our attacks can also be interpreted from a provable security point of view: in practice, if one had access to a NTRUencrypt decryption oracle such that the parameter set allows decryption failures, then one could recover the secret key. For instance, for the initial NTRU-1998 parameter sets, the output of the decryption oracle on a single decryption failure is enough to recover the secret key.
For the entire collection see [Zbl 1116.94001].