2

There are three types of default security levels of NTRU, implemented in bouncy-castle:

 1. NTRUSigningKeyGenerationParameters.TEST157
 2. NTRUSigningKeyGenerationParameters.APR2011_439
 3. NTRUSigningKeyGenerationParameters.APR2011_743

The first two are generated normally, but when I try to generate the third one, I get the following exception:

SEVERE: Servlet.service() for servlet [mvc-dispatcher] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Signing failed: too many retries (max=100)] with root cause java.lang.IllegalStateException: Signing failed: too many retries (max=100)

Here is a piece of my code:

    NTRUSigningPrivateKeyParameters ntruSigningPrivateKeyParameters1 = null;

    NTRUSigner ntruSigner = new NTRUSigner(ntruSigningKeyGenerationParameters.getSigningParameters());

    try {
        ntruSigningPrivateKeyParameters1 = new NTRUSigningPrivateKeyParameters(ntruSigningPrivateKeyParameters.getEncoded(), ntruSigningKeyGenerationParameters);
    } catch (IOException e) {
        e.printStackTrace();
    }

    ntruSigner.init(true, ntruSigningPrivateKeyParameters);
    byte[] res = ntruSigner.generateSignature();

Calling ntruSigner.generateSignature() with the third set of parameters leads to this exception.

Does anyone know how to solve it?

Artjom B.
user3038475
  • You know what happens when you go in for the leading edge; you may fall off. I would recommend sending this question to the bouncy castle dev mailing list instead. David or one of the other maintainers may be able to extend a hand and keep you on the edge :P Or take a look at the source code and see if you can change it for your specific case. – Maarten Bodewes Apr 17 '14 at 12:47
  • @owlstead you again =) thnx for the tip, I've already sent a letter to them – user3038475 Apr 17 '14 at 20:27
  • If they are able to help you please post the solution here as answer, and I'll vote up. – Maarten Bodewes Apr 17 '14 at 21:11

3 Answers

1

Currently, it's a bug, so there are two solutions:

  1. use another library - tbuktu's github project (bouncy-castle is using it with some modifications, as I see)
  2. download sources, catch the bug of this generation parameter, solve it and pack into library for a project
user3038475
1

It's not really a bug in the code. The problem is that the norm bound in the APR2011_743 and APR2011_743_PROD parameter sets is too low, which means that the signer is unable to generate a valid signature.

For N=743, q=2048 and beta=0.127 you should choose a norm bound of around 545 (see equation 10 in J. Hoffstein et al., Performance improvements and a baseline parameter generation algorithm for NTRUSign), but the parameter sets in BouncyCastle use normBound=405. Changing this solves the issue.

DanielF
1

Updating the normBound does appear to fix the issue; however, I should point out the NTRUSigner class is now deprecated in Bouncy Castle. The NTRU signing algorithm was shown to be badly broken just over a year ago. See:

http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf

for details.

David Hook