Re: IEEE 802.11 security (public key encryption?)

["Nick Owen" <nowen () wikidsystems com>]

Michael:

I agree with the comparison to RSA - and it's tough to be in crypto as a
business because of that (esp. now that their patents have expired).
However, if I had a choice between asymmetrically encrypted with Ntru and
using WEP, I would chose Ntru.  For our purposes, we are usually competing
against hardware tokens, in particular RSA's SecurID, which uses an
unpublished algorithm.  In fact, we are usually competing against passwords
for remote access, so the comparison should really be between the chances
that your password will be broken (high) plus the costs of passwords (not
inconsequential) to the chances that someone will break Ntru and use it
against you and the cost of replacing Ntru or that someone will break Ntru
but not use it against you and the cost of replacing Ntru.

If you take the business analysis into the picture, the cryptanalysis
changes in importance, IMO.

Nick
-----Original Message-----
From: Michael Wenocur [mailto:michael () ainav com]
Sent: Thursday, July 24, 2003 5:27 PM
To: Nick Owen
Cc: 'N407ER'; security-basics () securityfocus com
Subject: Re: IEEE 802.11 security (public key encryption?)


Greetings,

    Although the folks at Ntru are extremely talented, if not bona fide
geniuses, their system of public key encryption has not yet received the
kind of broad scrutiny needed to justify its deployment.  Many excellent
cryptographers have introduced systems that were later found to have glaring
weaknesses. It is helpful to recall that Rivest, Shamir and Adelman (ie, R,
S and A) discovered the RSA system only on their 42nd attempt. The first 41
were breakable.

Michael

PS Cryptographers propose and cryptanalysts dispose.

Nick Owen wrote:

Visit http://www.ntru.com/cryptolab/index.htm for detailed info.  From
their web site:

"We describe NTRU, a new public key cryptosystem. NTRU features
reasonably short, easily created keys, high speed, and low memory
requirements. NTRU encryption and decryption use a mixing system
suggested by polynomial algebra combined with a clustering principle
based on elementary probability theory. The security of the NTRU
cryptosystem comes from the interaction of the polynomial mixing system
with the independence of reduction modulo two relatively prime integers
p and q."

It has been published since 1998.  While there is a lot of comfort in
RSA in that it's so old the patents have expired, the speed and size
trade-offs are certainly worth it (depending on what "it" is, in our
case, it is).  There was a recent parameter attack published by Ntru
where decryption failures (about one in 1 trillion messages could reveal
the private key.  They have fixed that issue (choose better parameters,
essentially).  In our system, we could have regenerated private keys
easily anyway.

I can't tell you anymore than what's on their website.  It's hard math,
but then all math was hard to me ;).

Nick

-----Original Message-----
From: N407ER [mailto:n407er () myrealbox com]
Sent: Wednesday, July 23, 2003 9:45 PM
To: Nick Owen
Cc: security-basics () securityfocus com
Subject: Re: IEEE 802.11 security (public key encryption?)

Do you know more about how it works? I'm curious how something which
sounds from your description to be really light-weight can be equivalent

to RSA.

Thanks.

Nick Owen wrote:

Just one thought:  we have used a commercial encryption package from

Ntru

for asymmetric encryption on wireless devices (we're using it for a
two-factor authentication system). It is incredibly fast and

incredibly

small.  The keys are 5k, our entire J2ME package is about 32k.  The

key

strengths are equivalent to 1024 bit RSA.  On a J2ME phone, key gen

takes

about 14 seconds, compared to 14 hours or so for ECC and 2+ days for

RSA

(had to kill it).  We were using the Nextel 1st generation phones as

well,

the newer ones are faster.  On a Blackberry or Palm, you hardly notice

the

key gen or encryption, in fact, the network lag is the key drag.

I know that Ntru did some implementation for a Wi-Fi project.  I think

that

it would be a great solution for asymmetric encryption for Wi-fi, if

you had

a particular need that warranted it.  My assumption is that it was not
considered for WEP because it's a commercial product.

Nick Owen

--
Nick Owen
CEO
WiKID Systems, Inc.
404-879-5227
nowen () wikidsystems com
http://www.wikidsystems.com
The End of Passwords






---------------------------------------------------------------------------
----------------------------------------------------------------------------




--
Nick Owen
CEO
WiKID Systems, Inc.
404-879-5227
nowen () wikidsystems com
http://www.wikidsystems.com
The End of Passwords
--



---------------------------------------------------------------------------
----------------------------------------------------------------------------