NTRU系統之實作演算法分析

Pei-Hsuan Chang; 張霈萱

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85180

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳君明(Jiun-Ming Chen)
dc.contributor.author	Pei-Hsuan Chang	en
dc.contributor.author	張霈萱	zh_TW
dc.date.accessioned	2023-03-19T22:48:35Z	-
dc.date.copyright	2022-08-18
dc.date.issued	2022
dc.date.submitted	2022-08-08
dc.identifier.citation	[1] W. Diﬃe and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644–654, 1976, https://doi.org/10.1109/ TIT.1976.1055638. [2] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, p. 120–126, feb 1978, https://doi.org/10.1145/359340.359342. [3] T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469–472, 1985, https://doi.org/10.1109/TIT.1985.1057074. [4] V. Shoup, “A proposal for an iso standard for public key encryption,” Cryptology ePrint Archive, Paper 2001/112, 2001, https://eprint.iacr.org/2001/112. [5] P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM Journal on Computing, vol. 26, no. 5, pp. 1484–1509, oct 1997, https://doi.org/10.1137/S0097539795293172. [6] C. Chen, O. Danba, J. Hoﬀstein, A. Hülsing, J. Rijneveld, J. M. Schanck, T. Saito, P. Schwabe, W. Whyte, K. Xagawa, T. Yamakawa, and Z. Zhang, https://csrc.nist. gov/Projects/post-quantum-cryptography/round-3-submissions, 2020. [7] J. Hoﬀstein, J. Pipher, and J. H. Silverman, “NTRU: A new high speed public key cryptosystem,” 1996, https://web.securityinnovation.com/hubfs/ﬁles/ntru-orig.pdf. [8] ——, “NTRU: A ring-based public key cryptosystem,” Berlin, Heidelberg, pp. 267– 288, 1998, https://doi.org/10.1007/BFb0054868. [9] D. J. Bernstein and B.-Y. Yang, “Fast constant-time gcd computation and modular inversion,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2019, no. 3, p. 340–398, May 2019, https://tches.iacr.org/index.php/TCHES/ article/view/8298. [10] C.-M. M. Chung, V. Hwang, M. J. Kannwischer, G. Seiler, C.-J. Shih, and B.- Y. Yang, “NTT multiplication for NTT-unfriendly rings: New speed records for saber and NTRU on Cortex-M4 and AVX2,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 2, p. 159–188, Feb. 2021, https://tches.iacr.org/index.php/TCHES/article/view/8791. [11] D. Bernstein, “Multidigit multiplication for mathematicians,” 2001, http://cr.yp.to/ papers.html#m3. [12] I. J. Good, “Random motion on a ﬁnite abelian group,” Mathematical Proceedings of the Cambridge Philosophical Society, vol. 47, no. 4, p. 756–762, 1951, https://doi.org/10.1017/S0305004100027201. [13] J. H. Silverman, “Fast multiplication in ﬁnite ﬁelds GF(2n),” in Cryptographic Hard- ware and Embedded Systems, Ç. K. Koç and C. Paar, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 1999, pp. 122–134, https://link.springer.com/content/ pdf/10.1007/3-540-48059-5_12.pdf. [14] M.-H. Tsai, “An eﬃcient FPGA implementation of streamlined NTRU prime,” Mas- ter’s thesis, Graduate Institute of Electronics Engineering, National Taiwan Univer- sity, https://hdl.handle.net/11296/p95uu8.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85180	-
dc.description.abstract	在可預期的未來內，量子電腦的技術將漸趨成熟。而秀爾演算法的發現將威脅基於整數分解與離散對數問題的傳統公鑰密碼系統，包含RSA、ElGamal加密以及ECIES。因此，後量子密碼系統必將取代傳統公鑰密碼系統。在本文中，我們將先介紹作為美國國家標準暨技術研究院（NIST）第三輪後量子密碼競賽候選演算法之一的NTRU密碼系統。其後，將針對兩種參數集——NTRU-HPS以及NTRU-HRSS——討論其密鑰生成時的可逆性並給出解密正確性證明。在這些數學理論的討論後，我們將把焦點轉往實作上。我們將設計並分析實作NTRU所需使用的演算法。實作的目標參數集設定為具有NIST安全等級3的ntruhps2948677。這部分將包含如何實作多項式反元素、多項式乘法以及如何對有號整數做模3的計算。	zh_TW
dc.description.abstract	In the foreseeable future, quantum computers will be at a stage. Due to Shor’s algorithm, it threatens the safety of traditional public-key-cryptosystem which is based on the hardness of integer factorization and discrete logarithms, including RSA, ElGamal encryption, and ECIES. Therefore, post-quantum cryptography (PQC) must replace these traditional public-key-cryptosystems. In this paper, we will first introduce the NTRU system (N-th degree Truncated polynomial Ring Units), which is a finalist of NIST (National Institute of Standards and Technology}) 3rd round post-quantum cryptography competition. We will study the invertibility in the key generation and also give a correctness proof of two types of parameter sets: NTRU-HPS and NTRU-HRSS. After these mathematical discussions, we will move our attention to the implementation. We aim to design and analyze algorithms for the implementation of NTRU. The target parameter set is ntruhps2948677, which has NIST security level 3. This will include how to implement computations of polynomial inverse, polynomial arithmetic, and reduction modulo 3 of signed integers.	en
dc.description.provenance	Made available in DSpace on 2023-03-19T22:48:35Z (GMT). No. of bitstreams: 1 U0001-0508202221340100.pdf: 901797 bytes, checksum: a54472562840306c44c6936556c9170f (MD5) Previous issue date: 2022	en
dc.description.tableofcontents	口試委員會審定書 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i 致謝. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .ii 摘要. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iv List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii List of Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii 1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3 NTRU Algorithm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 The Parameter Sets. . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2 Invertibility in Key Generation . . . . . . . . . . . . . . . . . . 9 3.3 Correctness Proof . . . . . . . . . . . . . . . . . . . . . . . . .10 4 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 4.1 Polynomial Multiplication in R/q. . . . . . . . . . . . . . . . . .17 4.1.1 The FFT-based polynomial multiplication . . . . . . . . . . . .18 4.1.2 The Cooley–Tukey and Gentleman–Sande Butterfly. . . . . . . . .19 4.1.3 Good’s Trick for NTT. . . . . . . . . . . . . . . . . . . . . .20 4.1.4 Applying NTT on NTRU. . . . . . . . . . . . . . . . . . . . . .21 4.2 Polynomial Multiplication in S/q and S/3. . . . . . . . . . . . . .22 4.3 Bit-Level Procedure for Squaring/Multiplication in S/2. . . . . . .23 4.4 Polynomial Inversion. . . . . . . . . . . . . . . . . . . . . . . .25 4.4.1 Polynomial Inversion in S/2 . . . . . . . . . . . . . . . . . .25 4.4.2 Polynomial Inversion in S/q . . . . . . . . . . . . . . . . . .27 4.4.3 Polynomial Inversion in S/3 . . . . . . . . . . . . . . . . . .28 4.5 Bit-Wise Operation of Modulo 3. . . . . . . . . . . . . . . . . . .31 4.6 Systolic Architecture Design. . . . . . . . . . . . . . . . . . . .33 5 Conclusions and Future Works. . . . . . . . . . . . . . . . . . . . . .35 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
dc.language.iso	en
dc.subject	硬體實作	zh_TW
dc.subject	後量子密碼學	zh_TW
dc.subject	多項式乘法	zh_TW
dc.subject	多項式反元素	zh_TW
dc.subject	NTRU	zh_TW
dc.subject	美國國家標準暨技術研究院	zh_TW
dc.subject	polynomial inversion	en
dc.subject	NIST	en
dc.subject	post-quantum cryptography	en
dc.subject	NTRU	en
dc.subject	hardware implementation	en
dc.subject	polynomial multiplication	en
dc.title	NTRU系統之實作演算法分析	zh_TW
dc.title	Algorithm Analysis for the Implementation of NTRU Cryptosystem	en
dc.type	Thesis
dc.date.schoolyear	110-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	陳榮傑(Rong-Jaye Chen),陳君朋(Jiun-Peng Chen),楊柏因(Bo-Yin Yang),謝致仁(Jyh-Ren Shieh)
dc.subject.keyword	美國國家標準暨技術研究院,後量子密碼學,NTRU,硬體實作,多項式乘法,多項式反元素,	zh_TW
dc.subject.keyword	NIST,post-quantum cryptography,NTRU,hardware implementation,polynomial multiplication,polynomial inversion,	en
dc.relation.page	38
dc.identifier.doi	10.6342/NTU202202107
dc.rights.note	同意授權(限校園內公開)
dc.date.accepted	2022-08-08
dc.contributor.author-college	理學院	zh_TW
dc.contributor.author-dept	數學研究所	zh_TW
dc.date.embargo-lift	2022-08-18	-
顯示於系所單位：	數學系

文件中的檔案：

檔案	大小	格式
U0001-0508202221340100.pdf 授權僅限NTU校內IP使用（校園外請利用VPN校外連線服務）	880.66 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。