Closed mlmikael closed 7 years ago
What do you mean by unsafe uses? Obviously, you should heed the usual guidelines for using public-key encryption algorithms. Are you talking about legal risks related to the NTRU patents?
As for NTRU Prime, it has "defenses" NTRUEncrypt doesn't have and it runs in constant time, so that makes NTRU Prime more secure. On the other hand, NTRUEncrypt has seen much more cryptanalysis.
About safety of this library, I meant, what auditing or testing has this implementation been subject to?
Also, about safe use, I meant, like, are there any particular principles that need to be followed for the use to be safe (to timing attacks or whatnot)?
Re patents, there is a set of operational modes that become patent-free on August 19th this year, right?
People have looked at the code, including in academia, but I do not know how thoroughly they have audited or tested it.
The algorithm has built-in countermeasures against timing attacks, so that shouldn't be a concern. If you need to encrypt some plaintext with a public key, it's usually advisable to do hybrid encryption using libsodium. If you're trying to do key exchange, there are simple schemes for doing that.
Yes, after Aug 19 of this year the library won't be patent encumbered if compiled with NTRU_AVOID_HAMMING_WT_PATENT. Note that this will cause a few parameter sets to be unavailable as they require code that will still be patented. See the README for details.
Hi!
What about the safety of particular uses of NTRU, and what about the safety of this library?
So that a non-cryptographer software developer can use this library and know he's doing it right.
For instance, Bernstein brings up examples of unsecure NTRU use for instance here https://ntruprime.cr.yp.to/ntruprime-20160511.pdf .
What about it, is there any guidance for how to use your libntru library safely?
Thanks, Mlmikael