-
Notifications
You must be signed in to change notification settings - Fork 34
/
README
160 lines (117 loc) · 6.74 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
The NTRU Cryptosystem
A Java implementation of the NTRU public-key cryptosystem, consisting of
the encryption scheme NTRUEncrypt and the signature scheme NTRUSign.
NTRU's main strengths are high performance and resistance to quantum
computer attacks.
NTRU keys are longer than ECC keys; they can be longer or shorter than RSA
keys depending on the security level.
The NTRUSign algorithm has been broken and is included only for historical
interest.
NTRUEncrypt remains unbroken; its main drawback is that it is patent
encumbered. It is safe to use NTRUEncrypt under the GPL (see
https://github.com/NTRUOpenSourceProject/ntru-crypto#is-ntru-patented) but
if you choose any other license, you should talk to the patent holder first.
http://en.wikipedia.org/wiki/NTRUEncrypt
http://en.wikipedia.org/wiki/NTRUSign
The implementation follows IEEE P1363.1 for NTRUEncrypt and the EESS
(http://grouper.ieee.org/groups/1363/lattPK/submissions/EESS1v2.pdf)
for NTRUSign.
NtruEncrypt Usage
The first step is always to create an NtruEncrypt instance by calling the
constructor with an EncryptionParameters object representing the desired
algorithm parameters.
It is recommended to use one of the predefined parameter sets which are
available as constants in EncryptionParameters, but new ones can be created
as well.
After an NtruEncrypt instance has been created, it can be used to generate
new key pairs, and encrypt / decrypt messages.
Encrypting a message is done by calling encrypt() which takes the following
parameters:
1. the message itself as a byte array. Strings can be encrypted after
converting them to byte[] via getBytes()
2. an EncryptionPublicKey, which can be generated via
NtruEncrypt.generateKeyPair() or an existing key can be reconstructed
from a byte array by calling new EncryptionPublicKey(byte[])
The encrypted message is returned as a byte array.
Decrypting a message is done by calling decrypt() which takes the message,
an EncryptionKeyPair containing the public and private keys, and the
encryption parameters. The parameters used for decrypting must be the same
as the ones used to encrypt the message; the same goes for the public key.
Like all public-key encryption schemes, NtruEncrypt can only encrypt a
limited number of data. To find out how long a NTRU message can be, use the
method EncryptionParameters.getMaxMessageLength().
To encrypt larger amounts of data, use symmetric encryption and encrypt the
symmetric key with NTRU. The sample program AesExample shows how to do this.
NtruSign Usage
The NtruSign algorithm was broken in 2012 by Ducas and Nguyen; it should not
be used. See
http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf
for details.
Key Import / Export
Encryption keys and signature keys can be written to a file via the writeTo
methods by supplying a FileOutputStream. The key can then be read from the
file by passing a FileInputStream to the appropriate constructor.
Keys are encoded raw, so the array contains no information about the
parameters used. It is advisable to first write the parameters, then the
key. Parameters can be written to an OutputStream just like keys, and just
like keys they have a constructor that takes an InputStream.
Keys can also be converted to and from byte arrays.
NTRUEncrypt keys (but not NTRUSign keys) can be created from a passphrase
by calling generateKeyPair(char[], byte[]) with a passphrase and a salt
value. The passphrase is a char array rather than a string so it can be
cleared from memory when it is no longer needed.
The salt parameter makes attacks using precomputed keys harder. It should be
a random value that is generated once and stored. The method generateSalt()
can be used to generate a salt value.
Parameter Sets
It is generally recommended to use the APR2011_439_FAST or APR2011_743_FAST
parameter set for encryption. The security levels are 128 and 256 bits,
respectively.
Error Conditions
Errors cause a NtruException with an appropriate message and/or cause to be
thrown. NtruException is an unchecked exception.
Sample Programs
The net.sf.ntru.demo package contains several small console programs:
SimpleExample A minimal example showing how to use NTRUEncrypt and
NTRUSign
AesExample Demonstrates how to encrypt arbitrary-length messages
using NTRUEncrypt and AES
Benchmark Benchmarks NTRUEncrypt against RSA and ECC
Timings Similar to Benchmark but only NTRUEncrypt and NTRUSign are
benchmarked, and the output is in table format.
The src/main/android directory contains a simple Android app similar
to SimpleExample. It has been tested with Android 4.0.3.
To build and run the app, follow these steps:
1) Start Eclipse and make sure you have the ADT plugin installed
2) Create a new Android project. Enter net.sf.ntru.demo for the package
name and NtruActivity for the activity.
3) Replace the generated AndroidManifest.xml with the NTRU version from
src/main/android/AndroidManifest.xml
4) Replace the generated NtruActivity.java with the NTRU version from
src/main/android/net/sf/ntru/demo/NtruActivity.java
5) Create a folder named libs in your Eclipse project and copy the NTRU
.jar into the new folder, then refresh the project in Eclipse.
6) In the package explorer, right click on your project and select
Run As -> Android Application.
Maven Artifact
NTRU is available from the Maven central repository.
<dependency>
<groupId>net.sf.ntru</groupId>
<artifactId>ntru</artifactId>
<version>1.2</version>
</dependency>
Other NTRU implementations
* As of Bouncy Castle 1.47 (http://bouncycastle.org/), it contains a fork of
this library in the bprov-ext and lcrypto jars.
* There is a C implementation of NTRUEncrypt at
https://github.com/tbuktu/libntru
* and another one at
https://github.com/NTRUOpenSourceProject/ntru-crypto
Further reading
Original NTRUEncrypt paper: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.25.8422&rep=rep1&type=pdf
Follow-up NTRUEncrypt paper: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.64.6834&rep=rep1&type=pdf
Original NTRUSign paper: http://www.math.brown.edu/~jpipher/NTRUSign_RSA.pdf
Follow-up NTRUSign paper: http://grouper.ieee.org/groups/1363/WorkingGroup/presentations/NTRUSignParams-2005-08.pdf
NTRU articles (technical and mathematical): http://www.securityinnovation.com/security-lab/crypto.html
Jeffrey Hoffstein et al: An Introduction to Mathematical Cryptography, Springer-Verlag, ISBN 978-0-387-77993-5
EESS: http://grouper.ieee.org/groups/1363/lattPK/submissions/EESS1v2.pdf