Efficient Embedded Security Standards (EESS) EESS #1: Implementation Aspects of NTRUEncrypt and NTRUSign Consortium for Efficient Embedded Security June 20th, 2003 Version 2.0 Consortium for Efficient Embedded Security License to copy this document is granted provided it is identified as “Efficient Embedded Security Standards (EESS) #1” in all material referencing it. Comments regarding this document are welcomed by the editor, William Whyte, [email protected]. Efficient Embedded Security Standard (EESS) #1: Version 2 June, 2003 Table of Contents 1 INTRODUCTION....................................................................................................4 1.1 SCOPE........................................................................................................................ 4 1.2 PURPOSE.................................................................................................................... 4 1.3 COMPLIANCE ............................................................................................................... 5 1.4 EESS PUBLICATION GUIDELINES................................................................................... 5 1.5 INTELLECTUAL PROPERTY............................................................................................. 5 2 MATHEMATICAL FOUNDATIONS........................................................................6 2.1 CONVENTIONS AND NOTATION....................................................................................... 6 2.1.1 Notation ........................................................................................................................ 6 2.1.2 Bit Strings and Octet Strings .......................................................................................... 7 2.1.3 Algorithm Specification Conventions .............................................................................. 8 2.2 CONVOLUTION POLYNOMIAL RING REPRESENTATION AND ARITHMETIC .............................. 9 2.2.1 Modular Operations on Integers ..................................................................................... 9 2.2.2 Representation of Polynomials....................................................................................... 9 2.2.3 Convolution Polynomial Rings Over the Integers ............................................................ 9 2.2.4 Basic Convolution Polynomial Ring Arithmetic ................................................................ 9 2.2.5 Reduction of a Polynomial mod q................................................................................. 10 N 2.2.6 Inversion in (Z/qZ)[X]/(X – 1) ...................................................................................... 10 2.2.7 Resultant Generation................................................................................................... 11 2.3 DATA TYPES AND CONVERSIONS ..................................................................................13 2.3.1 Converting Between Bit Strings and Octet Strings (BS2OSP and OS2BSP) .................. 13 2.3.2 Converting Between Integers and Octet Strings (I2OSP and OS2IP)............................. 13 2.3.3 Converting Between Integers and Bit Strings (I2BSP and BS2IP).................................. 14 2.3.4 Converting Between Ring Elements and Octet Strings (RE2OSP and OS2REP) ........... 14 2.3.5 Converting Between Ring Elements and Bit Strings (RE2BSP and BS2REP) ................ 15 2.3.6 Converting Between Ring Elements and Packed Octet Strings (RE2POSP and POS2REP)............................................................................................................................ 16 2.3.7 Converting Between Binary Ring Elements and Octet Strings (ME2BSP and BS2MEP). 16 3 CRYPTOGRAPHIC BUILDING BLOCKS............................................................18 3.1 NTRUENCRYPT COMPONENTS ....................................................................................18 3.1.1 NTRUEncrypt Domain Parameters............................................................................... 18 3.1.2 NTRUEncrypt Security Parameters .............................................................................. 19 3.1.3 NTRUEncrypt Scheme Options.................................................................................... 20 3.2 NTRUENCRYPT PRIMITIVES.........................................................................................23 3.2.1 NTRUEncrypt Key Generation Primitives...................................................................... 23 3.2.2 NTRUEncrypt Encryption Primitives ............................................................................. 24 3.2.3 NTRUEncrypt Decryption Primitives ............................................................................. 24 3.2.4 NTRUEncrypt Decryption Primitive: SVDP-NTRU2....................................................... 24 3.3 NTRUENCRYPT ENCODING METHODS ..........................................................................25 3.3.1 NTRUEncrypt Blinding Value Generation Methods ....................................................... 25 3.4 NTRUSIGN COMPONENTS...........................................................................................26 3.4.1 NTRUSign Domain Parameters ................................................................................... 26 3.4.2 NTRUSign Security Parameters................................................................................... 27 3.4.3 NTRUSign Scheme Options......................................................................................... 29 3.5 NTRUSIGN PRIMITIVES ...............................................................................................32 3.5.1 NTRUSign Key Generation Primitives .......................................................................... 32 3.5.2 NTRUSign Signature Primitives ................................................................................... 34 3.5.3 NTRUSign Verification Primitives ................................................................................. 35 3.6 NTRUSIGN ENCODING METHODS.................................................................................36 3.6.1 NTRUSign Message Representative Generation Methods ............................................ 36 Page 2 of 78 Efficient Embedded Security Standard (EESS) #1: Version 2 June, 2003 3.7 SUPPORTING ALGORITHMS ..........................................................................................38 3.7.1 Hash Functions ........................................................................................................... 38 3.7.2 Mask Generation Functions ......................................................................................... 40 3.7.3 Pseudo-Random Number Generation........................................................................... 41 3.7.4 Random Number Generation ....................................................................................... 43 4 NTRUENCRYPT ENCRYPTION SCHEME (SVES) .............................................44 4.1 NTRUENCRYPT ENCRYPTION SCHEME (SVES) OVERVIEW ............................................44 4.2 NTRUENCRYPT ENCRYPTION SCHEME (SVES) OPERATIONS.........................................45 4.2.1 NTRUEncrypt Key Generation ..................................................................................... 45 4.2.2 NTRUEncrypt Encryption Scheme SVES-3: Encryption ................................................ 46 4.2.3 NTRUEncrypt Encryption Scheme SVES-3: Decryption ................................................ 47 4.3 SUPPORTED PARAMETER SETS ....................................................................................48 4.3.1 ees251ep4.................................................................................................................. 48 4.3.2 ees251ep5.................................................................................................................. 49 5 NTRUSIGN SIGNATURE SCHEME (SVSSA) .....................................................50 5.1 NTRUSIGN SIGNATURE SCHEME (SVSSA) OVERVIEW ..................................................50 5.2 NTRUSIGN SIGNATURE SCHEME (SVSSA) OPERATIONS ...............................................51 5.2.1 NTRUSign Key Generation .......................................................................................... 51 5.2.2 NTRUSign Signature Operation ................................................................................... 52 5.2.3 NTRUSign Verification Operation................................................................................. 52 5.3 SUPPORTED PARAMETER CHOICES...............................................................................53 5.3.1 ees251sp2 .................................................................................................................. 53 5.3.2 ees251sp3 .................................................................................................................. 54 5.3.3 ees251sp4 .................................................................................................................. 55 5.3.4 ees251sp5 .................................................................................................................. 56 5.3.5 ees251sp6 .................................................................................................................. 56 5.3.6 ees251sp7 .................................................................................................................. 57