如何获取NTRU参数

Question

我正在使用赏金城堡实现NTRU，这是我的代码：

NTRUEncryptionKeyGenerationParameters ntruEncryptionKeyGenerationParameters = NTRUEncryptionKeyGenerationParameters.EES1087EP2;
NTRUEncryptionKeyPairGenerator ntruEncryptionKeyPairGenerator = new NTRUEncryptionKeyPairGenerator();
ntruEncryptionKeyPairGenerator.init(ntruEncryptionKeyGenerationParameters);
AsymmetricCipherKeyPair asymmetricCipherKeyPair = ntruEncryptionKeyPairGenerator.generateKeyPair();
NTRUEncryptionPrivateKeyParameters ntruEncryptionPrivateKeyParameters = (NTRUEncryptionPrivateKeyParameters) asymmetricCipherKeyPair.getPrivate();

NTRUEncryptionPublicKeyParameters ntruEncryptionPublicKeyParameters = (NTRUEncryptionPublicKeyParameters) asymmetricCipherKeyPair.getPublic();
NTRUEngine ntruEngine = new NTRUEngine();
ntruEngine.init(true, ntruEncryptionPublicKeyParameters);

问题是如何得到f多项式和基，因为我只找到了fp(f的逆，它们没有逆方法)和基？我已经查找了javadocs，但没有结果。

Answer 1

您可以从NTRUEncryptionKeyPairGenerator类中找到它。

public AsymmetricCipherKeyPair generateKeyPair()
{
    int N = params.N;
    int q = params.q;
    int df = params.df;
    int df1 = params.df1;
    int df2 = params.df2;
    int df3 = params.df3;
    int dg = params.dg;
    boolean fastFp = params.fastFp;
    boolean sparse = params.sparse;

    Polynomial t;
    IntegerPolynomial fq;
    IntegerPolynomial fp = null;

    // choose a random f that is invertible mod 3 and q
    while (true)
    {
        IntegerPolynomial f;

        // choose random t, calculate f and fp
        if (fastFp)
        {
            // if fastFp=true, f is always invertible mod 3
            t = params.polyType == NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE ? Util.generateRandomTernary(N, df, df, sparse, params.getRandom()) : ProductFormPolynomial.generateRandom(N, df1, df2, df3, df3, params.getRandom());
            f = t.toIntegerPolynomial();
            f.mult(3);
            f.coeffs[0] += 1;
        }
        else
        {
            t = params.polyType == NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE ? Util.generateRandomTernary(N, df, df - 1, sparse, params.getRandom()) : ProductFormPolynomial.generateRandom(N, df1, df2, df3, df3 - 1, params.getRandom());
            f = t.toIntegerPolynomial();
            fp = f.invertF3();
            if (fp == null)
            {
                continue;
            }
        }

        fq = f.invertFq(q);
        if (fq == null)
        {
            continue;
        }
        break;
    }

    // if fastFp=true, fp=1
    if (fastFp)
    {
        fp = new IntegerPolynomial(N);
        fp.coeffs[0] = 1;
    }

    // choose a random g that is invertible mod q
    DenseTernaryPolynomial g;
    while (true)
    {
        g = DenseTernaryPolynomial.generateRandom(N, dg, dg - 1, params.getRandom());
        if (g.invertFq(q) != null)
        {
            break;
        }
    }

    IntegerPolynomial h = g.mult(fq, q);
    h.mult3(q);
    h.ensurePositive(q);
    g.clear();
    fq.clear();

    NTRUEncryptionPrivateKeyParameters priv = new NTRUEncryptionPrivateKeyParameters(h, t, fp, params.getEncryptionParameters());
    NTRUEncryptionPublicKeyParameters pub = new NTRUEncryptionPublicKeyParameters(h, params.getEncryptionParameters());
    return new AsymmetricCipherKeyPair(pub, priv);
}

F是你所追求的多项式。你说的基础是什么意思？

逆方法在NTRU报表014中描述:几乎反向和快速创建NTRU密钥

https://www.securityinnovation.com/uploads/Crypto/NTRUTech014.pdf

它是通过几个步骤进行优化的。

1. 求Z/2Z/(x^N-1)上f的逆
2. 将其提升到Z/2^rZ/(x^N-1)
3. 重复直到2^r =q