This repository presents an implementation of high-security prime-degree large-Galois-group inert-modulus ideal-lattice-based cryptography on rust programing langudge. “Prime degree” etc. are defenses against potential attacks; see official website.
This implementation uses: Fields of the form (Z/q)[x]/(xp −x−1), where p is prime, are used in “NTRU Prime”, introduced in this paper, and have all of our recommended defenses.
In the context of NTRU Prime, several parameters and notations play a crucial role in defining the cryptographic system.
A parameter set for NTRU Prime is represented as a triple (p, q, w), which forms the foundation of the primary algebraic structures in the system. Let's break down these parameters:
W: The weight parameter W is a positive integer that governs the number of non-zero coefficients within specific polynomials.
P = 653, Q = 4621, W = 288
R3_BYTES - Size of encoded R3 polyRQ_BYTES - Size of bytes encoded Rq polyPUBLICKEYS_BYTES - Size encoded public KeySECRETKEYS_BYTES - Size of Secret KeyDIFFICULT - This parameter is responsible for the complexity of the algorithm for applying statistical analysis to it.Valid Parameter Set Conditions
To ensure the validity of a parameter set, it must meet the following conditions:
2P ≥ 3W: This inequality places a constraint on the relationship between p and w, emphasizing the importance of a balanced selection of these parameters.Q ≥ 16W + 1: Another crucial condition, this inequality imposes restrictions on q relative to the weight parameter w.Notational Abbreviations
For brevity and clarity, the following notational abbreviations are used:
R3: Denotes the ring (Z/3)[x]/P, which is a specific variant related to the ring R. Rq: Represents the field (Z/q)[x]/P, another critical element in the cryptographic system.
You can select parameters through features, you must select parameters!
```
ntrulp = { version = "0.1.7", features = ["ntrup653"] } ntrulp = { version = "0.1.7", features = ["ntrup761"] } ntrulp = { version = "0.1.7", features = ["ntrup857"] } ntrulp = { version = "0.1.7", features = ["ntrup953"] } ntrulp = { version = "0.1.7", features = ["ntrup1013"] } ntrulp = { version = "0.1.7", features = ["ntrup1277"] } ```
bash
cargo add ntrulp
```bash git clone https://github.com/zebra-sh/ntrulp.git cd ntrulp cargo test --features ntrup1277
```
bash
git clone https://github.com/zebra-sh/ntrulp.git
cd ntrulp
cargo bench --features ntrup1277
```rust let mut rng = NTRURandom::new(); let f: Rq = Rq::from(rng.shortrandom().unwrap()); let mut g: R3; let sk = loop { g = R3::from(rng.randomsmall().unwrap());
match PrivKey::compute(&f, &g) {
Ok(s) => break s,
Err(_) => continue,
};
};
let pk = PubKey::compute(&f, &g).unwrap(); let importedpk = PubKey::fromsk(&sk).unwrap(); let pkbytes = importedpk.asbytes(); let frombytes = PubKey::import(&pk_bytes).unwrap();
asserteq!(frombytes.coeffs, pk.coeffs); ```
```rust use std::sync::Arc;
use ntrulp::key::privkey::PrivKey; use ntrulp::key::pubkey::PubKey; use ntrulp::ntru::cipher::{ bytesdecrypt, parallelbytesdecrypt, parallelbytes_encrypt, }; use ntrulp::ntru::errors::NTRUErrors; use ntrulp::random::{CommonRandom, NTRURandom};
fn genkeys<'a>() -> Result<(Arc
match PrivKey::compute(&f, &g) {
Ok(s) => break s,
Err(_) => continue,
};
};
let pk = PubKey::compute(&f, &g).unwrap();
Ok((Arc::new(sk), Arc::new(pk)))
}
let mut rng = NTRURandom::new(); let bytes = Arc::new(rng.randombytes::<1024>().tovec()); let (sk, pk) = genkeys().unwrap();
let numthreads = 4; let encrypted1 = Arc::new(parallelbytesencrypt(&mut rng, &bytes, &pk, numthreads).unwrap()); let decrypted0 = parallelbytesdecrypt(&encrypted1, &sk, numthreads).unwrap(); let decrypted1 = bytesdecrypt(&encrypted1, &sk).unwrap();
assert_eq!(decrypted0, decrypted1); ```
This implementation has not undergone any security auditing and while care has been taken no guarantees can be made for either correctness or the constant time running of the underlying functions. Please use at your own risk.