Is Ntru-Encrypt still secure in 2022

morthy

8/8/23, 1:20 PM

I'm going to use NTRU as post-quantum public-key encryption algo in my project.
I've googled attacks on NTRU and found a lot of them
but since I'm new to NTRU and don't understand the math used, and could not conclude whether NTRU is still secure, if yes which parameter sets are secure?

For 256bit security, I found EES743EP1 and NIST NTRU-HRSS and NTRU-HPS Wikipedia article says the latter one is secure against MOST attacks and says nothing about others.

My current library supports EES1087EP2 ,EES1171EP1,EES1499EP1 ,EES743EP1 are they secure? or I should switch to NTRU-HRSS or I'm better not to use NTRU?
(i don't care about speed and prefer security over performance )

Thanks in advance

114

0 + 0

post-quantum-cryptography

ntru

attack

kelalaka

8/8/23, 7:04 PM

Wait for the finalization of the NIST PQC?

Maarten Bodewes

8/8/23, 9:30 PM

Normally I would say that if it is a final candidate for the NIST PQC that it would be considered secure, however with the current state I might get hammered into submission by Bernstein, as he certainly expressed doubts about the security of the CRYSTALS submissions (Kyber and Dilithium)

morthy

8/8/23, 11:56 PM

@MaartenBodewes my question only concerns attacks published/known till now,as far as I know NTRU is in the market for decades so current research doe it should be more reliable than new algo proposed

morthy

8/9/23, 3:53 PM

@kelalaka ok thanks, do you know if EES743EP1 is secure from attacks published till now? (as said in question Wikipedia only talks about NIST NTRU-HRSS)

forest

8/9/23, 9:05 PM

How do you define "secure from attacks"? Bringing the security below the minimum security level decided by NIST? Bringing the security low enough that attacks are practical? An improvement in any attack at all? None of the supported algorithms you mentioned are _fatally_ broken, at least.

morthy

8/9/23, 9:21 PM

@forest sorry i should have told clearly , I mean security blow minimum level (~112/128bit)

forest

8/9/23, 10:15 PM

@morthy I'm not writing an answer right now because I'm not completely sure, but I'm _pretty_ sure that no serious attacks exist against the listed parameters. Relevant: https://crypto.stackexchange.com/q/88567/54184

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is Ntru-Encrypt still secure in 2022

TH: Ntru-Encrypt ยังคงปลอดภัยในปี 2565 หรือไม่

RO: Este Ntru-Encrypt încă sigur în 2022

RU: Является ли Ntru-Encrypt все еще безопасным в 2022 году

VI: Ntru-Encrypt có còn an toàn vào năm 2022 không

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.