Page 15 - index
P. 15
Fixing the Broken Internet
Applying NTRU Public Key Cryptography
Public key cryptography is the basis of security on the internet. SSL and TLS, which provide the
foundation for secure communications are both based on public key, and they’re in danger. The
recent “Snowden” events have brought to light the fact that what was considered our strongest
public key option, ECC [Elliptic Curve Cryptography], might have been tinkered with by the NSA,
which makes it a non-viable implementation. RSA, the other major public key system is nearly
broken and its performance is too poor for today’s rapid transaction systems such as NASDAQ
OMX which executes one million messages per second at sub 40 microsecond speeds. With
the primary public key systems compromised, we find ourselves needing an alternative that is a)
secure, b) fast, c) open, and d) not riddled with back doors and other holes that could be
exploited by crooks. A perfect solution would also be future proof and be useful far down the
road, after the time when quantum computers, a cryptographers nightmare, will be
commonplace.
Enter NTRU; a fresh, lattice based public key cryptography system that’s small, fast, strong,
open source and will resist attacks by quantum computers . Implementing NTRU as an
alternative to ECC and RSA is surely a daunting task and will need to be spread out over
several years, but the result could be a completely secure and future proof Internet. The
performance gains alone make NTRU the logical choice for carrying on the Internet public key
activities.
Some may say that the key size in lattice based systems like NTRU are prohibitive. That may
have been the case 10 or 20 years ago when systems relied on compact data to enable
security, but todays systems are well capable of working with kilobyte long keys without
breathing hard. Looking at the performance numbers in table 1 we can see that NTRU is 5000
times faster than RSA and roughly 43 times faster than ECC at the same bit strength and load.
The significance of speed is realized in the time consuming handshaking activities when setting
up a SSL/TLS connection where potentially thousands of transactions take place every second.
Imagine the speed gains on an ecommerce site serving millions of people and the reduced load
on the servers; a 5000x gain in performance allows quicker connects and more connects and
improves both the user experience and machine efficiency.
Performance is key, but speed without strength makes no sense. An attack against RSA and
ECC is multi year, multi computer affair however, advances in math have brought new
algorithms to bear that are threatening RSA, and whatever NSA has done with ECC makes a
math attack irrelevant. NTRU is based on lattice math which can be thought of as a “needle in a
haystack” problem. The math allows NTRU to hide information in a huge matrix and quickly find
15 Cyber Warnings E-Magazine – December 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
