李子臣，吴庆豪，宋佳烁，等.矩阵NTRU密码体制参数的研究［J］.河南理工大学学报（自然科学版），doi:10.16186/j.cnki.1673-9787.2023100040.

LI Z C，WU Q H，SONG J S，et al.Study on the parameters of the matrix NTRU cryptosystem［J］.Journal of Henan Polytechnic University（Natural Science），doi:10.16186/j.cnki.1673-9787.2023100040.

矩阵NTRU密码体制参数的研究(网络首发)

李子臣¹，吴庆豪¹，宋佳烁²，彭海朋²

（1.北京印刷学院 信息工程学院，北京 102600；2.北京邮电大学 网络空间安全学院，北京 100876）

摘要: 随着量子计算机的快速发展，后量子密码逐渐成为密码学研究热点。 目的 为了避免矩阵NTRU和NTRU一样出现解密失败的情况，对Matrix NTRU算法进行优化。 方法 根据同余密码算法对参数空间约束的方法，提出一种矩阵NTRU密码体制参数空间的优化选择方法。该方法重新定义参数空间，精确优化参数选择，通过对原有参数空间进行压缩，将矩阵元素的运算控制在一定范围内，避免因为模越界而解密失败的情况。 结果 理论分析表明，优化后的矩阵NTRU算法可以避免加解密失败的情况。为检测优化后的矩阵NTRU性能，对改进后的矩阵NTRU和NTRU 2种密码算法在密钥和明文安全性、密钥长度、密文扩展、加解密速度方面进行对比分析。选取合适d值，优化后的矩阵NTRU算法的信息与密钥的安全性大于NTRU算法的信息与密钥安全性的数倍，而公钥长度、私钥长度和密文扩展与NTRU方案相同。优化矩阵NTRU算法的加解密速度是NTRU算法的n倍。最后通过实验进一步验证了优化后的矩阵NTRU效率，加解密速度与理论分析相符。 结论 优化参数后的矩阵NTRU具有加解密正确、高效等特点。

关键词:矩阵NTRU；解密失败；矩阵环；后量子密码

doi:10.16186/j.cnki.1673-9787.2023100040.

基金项目: 国家自然科学基金资助项目（61370188）；北京市教委科研计划项目（KM202010015009，KM202110015004，KM202310015002）；北京印刷学院博士启动金资助项目（27170120003/020，27170122006）；北京印刷学院科研创新团队项目（Eb202101）；北京印刷学院校内学科建设项目（21090121021）；北京印刷学院重点教改项目（22150121033/009）；北京印刷学院科研基础研究一般项目（Ec202201）；北京市高等教育学会课题资助项目（MS2022093）

收稿日期：2023-10-19

修回日期：2023-12-27

网络首发日期：2024-10-15

Study on the parameters of the matrix NTRU cryptosystem

LI Zichen¹，WU Qinghao¹，SONG Jiashuo²，PENG Haipeng²

（1.School of Information Engineering,Beijing Institute of Graphic Communication,Beijing 102600,China；2.School of Cybersecurity,Beijing University of Posts and Telecommunications,Beijing 100876,China）

Abstract: With the rapid development of quantum computers， post-quantum cryptography has emerged as a prominent area of research in cryptography. Objectives In order to avoid the decryption failure in matrix NTRU as NTRU， the Matrix NTRU algorithm is optimised. Methods Based on the method of constraining the parameter space in congruent cryptographic algorithms， a method for optimal selection of the parameter space of matrix NTRU cryptographic regimes is proposed. This method redefined the parameter space and accurately improves the choice of parameters， allowing control of the operation of matrix elements within a specific range. By compressing the original parameter space， decryption failures caused by modulo operations going out of bounds were avoided. Results It is theoretically proven that the improved matrix NTRU algorithm avoids encryption and decryption failures. In order to test the performance of the improved matrix NTRU， a theoretical analysis was first carried out. The improved matrix NTRU and NTRU cipher algorithms are compared and analysed in terms of key and plaintext security， key length， ciphertext extension， encryption and decryption speed. By choosing a suitable value of d， the message and key security of the improved matrix NTRU algorithm is several times greater than the message and key security of the NTRU algorithm. The public and private key lengths and ciphertext extensions are the same as in the NTRU scheme. The improved matrix NTRU algorithm is n times faster than the NTRU algorithm for encryption and decryption. Finally， the efficiency of the improved matrix NTRU is further verified by experiments， and the encryption and decryption speeds are consistent with the theoretical analysis. Conclusion The result indicated that the matrix NTRU algorithm， optimized with adjusted parameters， possesses characteristics such as accurate encryption and decryption， as well as high efficiency.

Key words: matrix NTRU；decryption failure；matrix ring；post-quantum cipher