investigate junk data for N=11, p=3, q=32 #2

Closed
hasufell opened this Issue May 29, 2014 · 4 comments

Comments

Projects
None yet
1 participant
Owner

hasufell commented May 29, 2014

Some encrypted polynomials don't recover properly with the following setup. Could be related to poly_starmultiply().

N = 11, p = 3, q = 32
f = -1 + x + x^2 - x^4 + x^6 + x^9 - x^10
g = -1 + x^2 + x^3 + x^5 - x^8 - x^10

random polynomial for encryption:
-1 + x^2 + x^3 + x^4 - x^5 - x^7

polynomial to encrypt:
1 - x - x^2 + x^3 + x^4 - x^5 - x^6 + x^7 - x^8 - x^9 + x^10

encrypted polynomial:
16 + 10 * x + 25 * x^2 + 24 * x^3 + 16 * x^4 + 15 * x^5 + 29 * x^6 + 8 * x^7 + 25 * x^8 + 4 * x^9 + 19 * x^10

decrypted polynomial (malformed!):
-x^2 - x^4 - x^5 - x^7 + x^8 - x^9 - x^10

@hasufell hasufell self-assigned this May 29, 2014

@hasufell hasufell added the bug label May 29, 2014

Owner

hasufell commented May 30, 2014

This seems to only happen if the polynomial f for the private key is of degree N - 1. If it is less, then it does not happen.

Owner

hasufell commented Jun 1, 2014

The problem is the following:
Random polynomials for encryption need to hold the following condition in order for the probability of unrecoverable messages to be less than e.g. 2^-80:
q > (6 * d + 1) * p
where d is the amount of -1 and 1 in the random polynomial.

This suggests that the wikipedia article needs a fix.

Reference to the condition above is here: http://www.math.uni-hamburg.de/home/kuehn/moldenhauer-bsc-NTRUKryptosystem-final.pdf

@hasufell hasufell added lib and removed bug labels Jun 3, 2014

Owner

hasufell commented Jun 4, 2014

best we can do is to provide checks for the parameters

@hasufell hasufell closed this Jun 4, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment