BITRU: Binary Version of the NTRU Public Key Cryptosystem via Binary Algebra

New terms such as the closest vector problem (CVP) and the shortest vector problem (SVP), which have been illustrated as NP-hard problems, emerged, leading to a new hope for designing public key cryptosystems based on certain lattice hardness. A new cryptosystem called NTRU is proven computationally efficient and can be implemented at low cost. With these characteristics, NTRU possesses an advantage over other systems that rely on number-theoretical problems in a finite field (e.g., the integer factorization problem or the discrete logarithm problem). These advantages make NTRU a good choice for many applications. After the adoption of NTRU, many attempts to generalize its algebraic structure have appeared. In this study, a new variant of the NTRU public key cryptosystem called BITRU is proposed. BITRU is based on a new algebraic structure, called binary algebra, used as an alternative to the NTRU mathematical structure. This algebra is commutative and associative. Establishing two public keys in the proposed system distinguishes it from NTRU and from cryptosystems similar to NTRU. This new structure helps to increase the security and complexity of BITRU. The clauses of BITRU, which include key generation, encryption, decryption, and decryption failure, are explained in detail. The suitability of the proposed system is proven and its security is demonstrated by comparing it with NTRU.

Keywords—NTRU; BITRU; polynomial ring; binary algebra


I. INTRODUCTION
With the rapid development of wireless communication systems widely deployed in recent years, security has become a crucial issue. Cryptography is used to solve this issue; it meets the requirements of data and network communication security, namely, confidentiality, integrity, authentication, and non-repudiation [1]. The design of high-performance algorithms is in great demand, which leads to security risk and heightens the need for analysis and investigation. Many public key cryptosystems have been developed since the seminal Diffie-Hellman paper [2] was presented in 1976. Most of these cryptosystems are based on two hard mathematical problems: the factorization and discrete logarithm problems (e.g., RSA [3], the ElGamal cryptosystem [4], ECC [5], and many others [6]). From a practical perspective, most of these systems are costly because of their space complexity and high computation. This problem can be resolved by looking for new fast cryptosystems based on different hard problems.
The number theory research unit (NTRU) public key cryptosystem is a new generation of public key cryptosystems based on a lattice hard problem, introduced in 1996 by three mathematicians, namely Jeffrey Hoffstein, Joseph Silverman, and Jill Pipher [7]. It is the first public key cryptosystem that does not depend on the aforementioned factorization and discrete logarithm problems. Unfortunately, similar to many other public key systems, its security is not guaranteed, although it is closely based on a lattice problem. The basic collection of objects used by the NTRU public key cryptosystem occurs in a truncated polynomial ring of degree with integer coefficients belonging to ⁄ . NTRU is faster and has significantly smaller keys than the RSA and ECC cryptosystems.
Many researchers have improved the performance of NTRU by developing its algebraic structure. In 2002, Gaborit et al. [8] introduced an NTRU-like cryptosystem called CTRU by replacing the base ring of NTRU with a polynomial ring over a binary field F2[x]. They proved that their system decrypts successfully. In 2005, Kouzmenko [9] showed that CTRU is weak under a time attack and proposed the GNTRU cryptosystem based on Gaussian integers rather or . In the same year, Coglianese et al. [10] introduced an analog to the NTRU cryptosystem called MaTRU. MaTRU is based on a ring of all square matrices with polynomial entries. In 2009, Malekian et al. introduced the QTRU cryptosystem based on quaternion algebra [11]. They also introduced the OTRU cryptosystem in 2010 based on octonion algebra [12]. Afterward, Vats [13] presented a new non-commutative NTRU analog. His system operates in the non-commutative ring , where is a matrix ring of the matrices of polynomials in ⁄ . He proved that the speed is improved by a factor of O ( ) over NTRU. In 2011, N. Zhao and S. Su [14] improved the algorithm for finding the inverse of a polynomial in NTRU. They also designed a new algorithm to judge whether the polynomial is invertible or not by computing . If it equals , it is invertible; otherwise, the polynomial has no inverse modulo w. This algorithm uses a matrix of an N-cyclic (A) corresponding to the coefficients of a polynomial of order .
In 2012, Y. Bin Pan and Y. Deng [15] focused on the technique of hiding the trapdoor of the NTRU cryptosystem and presented a general NTRU-like framework. This framework constructs new lattice-based public key cryptosystems by finding some particular kinds of easy closest vector problems (CVPs). They proposed a new lattice-based public key cryptosystem as an application of their framework. In 2013, Jarvis et al. [16] proposed a new framework based on the ring of a cubic root of unity known as the Eisenstein ring , whose coefficient integers belong to . They called it ETRU.
In 2014, P. Gauravaram, H. Narumanchi and N. Emmadi [17] presented their analytical study on the implementation of the NTRU encryption scheme, which serves as a guideline for security practitioners who are novices in lattice-based cryptographic implementations. In the same year, D. Cabarcas, P. Weiden, and J. Buchmann [18] focused on the relationship between two embeddings of ideals into geometric space and the shortest vector problem in principal ideal lattices.
In 2015, S. C. Batson [19] focused on the relationship between two embeddings of ideals into geometric space and the shortest vector problem in principal ideal lattices. In the same year, Alsaidi et al. [20] introduced the CQTRU cryptosystem based on commutative quaternion algebra.
In 2016, Thakur and Tripathi introduced BTRU, a new NTRU-like cryptosystem that replaces Z by a ring of polynomials in one variable over a rational field. They reported that it is faster than NTRU [21]. In the same year, Yassein and Alsaidi [22] introduced an analog to the NTRU cryptosystem called HXDTRU, where the operations occur in a specially designed high-dimensional algebra called hexadecnion algebra.
In this study, we present a new multidimensional public key cryptosystem, BITRU, based on binary algebra. The mathematical structure of the proposed system results in two public keys, which in turn helps increase the security of BITRU in comparison to its equivalents with identical structure. This work is organized as follows. The original NTRU based on the arbitrary polynomial ring ⁄ is briefly summarized in Section II. The binary algebra used to construct the new NTRU-like cryptosystem, with its algebraic structure, is provided in Section III. An analog of the NTRU cryptosystem called BITRU is proposed in Section IV. The successful decryption of the proposed system is proven through two propositions in Section V. The security and complexity analysis of BITRU is discussed in Section VI. The study is concluded in Section VII.

II. NTRU CRYPTOSYSTEM
A simple description of the NTRU cryptosystem is given in this section. This cryptosystem depends on the addition and multiplication in the ring of a truncated polynomial of degree denoted by ⁄ , where is a prime. Let and denote the rings of truncated polynomials modulo and respectively, where and are integers, such that, and is significantly larger than . Let , and be constant integers less than . Let and be defined in Table 1. A rough outline of the key creation, encryption, and decryption processes is presented as follows:

A. Key Generation
Public and private keys are generated by having the sender initially randomly choose two small polynomials and from and , respectively, such that must be invertible modulo and denoted by and , respectively, where and . A new polynomial can be chosen if probable is not invertible. Parameters and must be kept confidential. The public key is computed in the following manner: where , and are kept confidential (i.e., the sender's private key).

B. Encryption
Encryption is performed as follows: For any given message  the public key is used to compute the ciphertext , such that, , where  is randomly chosen.

C. Decryption
Decryption is performed after the second party receives . The receiver must find , such that to derive the message. The coefficients of should be adjusted to lie in the interval ( ] thus the unnecessary reduction of .
The resulting polynomial obtains coefficients in the interval . It does not change if its coefficients are reduced modulo . The receiver computes the polynomial as follows: The result is then multiplied by to construct message , and the resulting coefficients are adjusted within the interval .
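A toy round trip through the key generation, encryption and decryption steps of this section, as an added example that is not code from the paper. It assumes the standard NTRU relations h = P·f_q·g mod Q, e = r·h + m mod Q and m = f_p·(f·e mod Q) mod P; the parameter values, the choice of a prime Q and all function names are assumptions of the example, and `random.Random` is used only to make the demo repeatable (real keys need a CSPRNG).

```python
import random
# Toy parameters (constructed; far too small for real use). Q is prime so inverse() can use elimination.
N, P, Q = 11, 3, 127

def conv(a, b, mod):  # product in Z_mod[x]/(x^N - 1): cyclic convolution
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % mod
    return c

def inverse(f, mod):  # inverse of f for prime mod, or None if f is not invertible
    # Solve the circulant system M x = (1, 0, ..., 0) by Gauss-Jordan elimination.
    rows = [[f[(i - j) % N] % mod for j in range(N)] + [int(i == 0)] for i in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if rows[r][col]), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        scale = pow(rows[col][col], -1, mod)
        rows[col] = [v * scale % mod for v in rows[col]]
        for r in range(N):
            if r != col and rows[r][col]:
                k = rows[r][col]
                rows[r] = [(v - k * w) % mod for v, w in zip(rows[r], rows[col])]
    return [row[N] for row in rows]

def center(a, mod):  # lift coefficients into the interval centred on zero
    return [(x + mod // 2) % mod - mod // 2 for x in a]

def small(ones, minus_ones, rng):  # random polynomial with coefficients in {-1, 0, 1}
    coeffs = [1] * ones + [-1] * minus_ones + [0] * (N - ones - minus_ones)
    rng.shuffle(coeffs)
    return coeffs

def keygen(rng):
    while True:  # choose a new f whenever it is not invertible mod P and mod Q
        f = small(4, 3, rng)
        f_p, f_q = inverse(f, P), inverse(f, Q)
        if f_p and f_q:
            g = small(3, 3, rng)
            return (f, f_p), [P * x % Q for x in conv(f_q, g, Q)]

def encrypt(m, h, rng):
    r = small(3, 3, rng)  # random blinding polynomial
    return [(x + y) % Q for x, y in zip(conv(r, h, Q), m)]

def decrypt(e, f, f_p):
    a = center(conv(f, e, Q), Q)       # equals P*r*g + f*m when no coefficient wraps mod Q
    return center(conv(f_p, a, P), P)  # multiply by the inverse of f mod P, then centre
```

With these weights every coefficient of P·r·g + f·m has absolute value at most 25, below Q/2, so the centring step never wraps and decryption cannot fail; shrinking Q below that bound is a direct way to observe a decryption failure.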

III. BINARY ALGEBRA
In this section, a real binary algebra and its properties are introduced. It is a vector space of two dimensions over the real numbers defined as follows:

{
| } where and is the set of real numbers.The operation on this algebra is defined as follows:

Let
, such that and the addition is then defined by , the multiplication is then defined by and for any scalar , the scalar multiplication is defined by . This algebra is associative and commutative.
Every nonzero element in has a unique multiplicative inverse that is given by such that .
Let be a finite field of . We define the binary algebra over as follows: = { | }, with addition, scalar multiplication, multiplication, and square norm as defined in the real binary algebra. We now consider the truncated polynomial ring ⁄ and . We define three binary algebras , and as follows: Let and or , such that: , where and or .
The addition of and is performed by adding the corresponding coefficients or , such that ( ) ( ) The multiplication of and is defined as follows: where is the convolution product, the scalar multiplication is defined by for any scalar and the same multiplication inverse is defined for the .

IV. PROPOSED BITRU CRYPTOSYSTEM
The BITRU cryptosystem is set up by integers and such that is a prime, and are relatively prime and is significantly larger than . It also depends on five subsets defined as follows.
Definition 1: The subsets and are called the subsets of BITRU defined as follows:

Let
The first term is equal to zero modulo because it contains .

VI. LATTICE-BASED ATTACKS
To prove the security of BITRU, different attacks have been investigated to show that they are without major effects. In cryptosystems that are based on a polynomial ring, the lattice is defined from the relation between the public key and the private key, where the private key represents the shortest vector in this lattice and can be found by solving the approximate matrix for that vector. The attacker must recover the private keys and from the public keys and , respectively, to attack BITRU. This move is equivalent to finding the shortest vector in the BITRU lattice denoted by .
The attacker first spreads as follows: and All the polynomials and can be represented in their matrix isomorphic representation as follows: where denotes the identity matrix, denotes times the identity matrix, denotes the zero matrix, and are described as follows: Therefore, the vectors and belong to and , respectively. A short vector in and can be found by a lattice reduction algorithm, which demonstrates that BITRU can resist lattice attacks significantly more than NTRU. For simplicity, we assume that ⁄ because the determinant is equal to the determinant of which is an upper triangular matrix, and that its determinant is equal to , ‖ ‖ ≈√ ≈ 1.63√ . The Gaussian heuristic expects that the length of the shortest nonzero vector is calculated as δ( ) =√ √ 0.48√ . Also , hence the target vectors in are shorter than expected by the Gaussian heuristic; also, the dimension of is twice the dimension of when choosing the same value of . In a similar way, the length of the shortest nonzero vector is calculated as δ( ) 0.48√ . Therefore, BITRU is more resistant against lattice attacks than NTRU.

VII. CONCLUSION
• In NTRU, the computation with small coefficients in the convolution product of polynomials results in a fast and low-cost system that is superior to other number-theoretic cryptosystems (e.g., RSA, ECC, and ElGamal) requiring a series of multiplications. The computation in NTRU also does not require any multi-precision libraries because all the polynomial coefficients are reduced mod q, which results in 11-bit integers at most.
• In this study, the BITRU cryptosystem based on binary algebra is proposed. It is a multi-dimensional cryptosystem that can encrypt two messages from a single origin or two independent messages from two different origins. This property is important in certain applications such as cellular phones and electronic voting systems.
• When the coefficient of j is equal to zero, BITRU is converted to NTRU, with public key k=1 and g=1.
• The security of BITRU is four times that of NTRU because it contains two public keys h,k with four polynomials private keys and .
• The proposed BITRU is a promising high-performing system. It exhibits certain robustness against well-known attacks that can threaten the security of NTRU or NTRU-like cryptosystems.
• By lowering N, the speed of BITRU is faster than that of NTRU with the same parameters.