Package org.bouncycastle.pqc.legacy.crypto.ntru

Class NTRUEncryptionKeyGenerationParameters

java.lang.Object
org.bouncycastle.crypto.KeyGenerationParameters
org.bouncycastle.pqc.legacy.crypto.ntru.NTRUEncryptionKeyGenerationParameters
All Implemented Interfaces:
Cloneable
public class NTRUEncryptionKeyGenerationParameters extends KeyGenerationParameters implements Cloneable
A set of parameters for NtruEncrypt. Several predefined parameter sets are available and new ones can be created as well.

  • Field Details

    • EES1087EP2

      public static final NTRUEncryptionKeyGenerationParameters EES1087EP2
      A conservative (in terms of security) parameter set that gives 256 bits of security and is optimized for key size. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • EES1171EP1

      public static final NTRUEncryptionKeyGenerationParameters EES1171EP1
      A conservative (in terms of security) parameter set that gives 256 bits of security and is a tradeoff between key size and encryption/decryption speed. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • EES1499EP1

      public static final NTRUEncryptionKeyGenerationParameters EES1499EP1
      A conservative (in terms of security) parameter set that gives 256 bits of security and is optimized for encryption/decryption speed. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • APR2011_439

      public static final NTRUEncryptionKeyGenerationParameters APR2011_439
      A parameter set that gives 128 bits of security and uses simple ternary polynomials. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • APR2011_439_FAST

      public static final NTRUEncryptionKeyGenerationParameters APR2011_439_FAST
      Like APR2011_439, this parameter set gives 128 bits of security but uses product-form polynomials and f=1+pF. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • APR2011_743

      public static final NTRUEncryptionKeyGenerationParameters APR2011_743
      A parameter set that gives 256 bits of security and uses simple ternary polynomials. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • APR2011_743_FAST

      public static final NTRUEncryptionKeyGenerationParameters APR2011_743_FAST
      Like APR2011_743, this parameter set gives 256 bits of security but uses product-form polynomials and f=1+pF. Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source (but the value present at class load time).

    • N

      public int N

    • q

      public int q

    • df

      public int df

    • df1

      public int df1

    • df2

      public int df2

    • df3

      public int df3

    • dr

      public int dr

    • dr1

      public int dr1

    • dr2

      public int dr2

    • dr3

      public int dr3

    • dg

      public int dg

    • maxMsgLenBytes

      public int maxMsgLenBytes

    • db

      public int db

    • bufferLenBits

      public int bufferLenBits

    • dm0

      public int dm0

    • pkLen

      public int pkLen

    • c

      public int c

    • minCallsR

      public int minCallsR

    • minCallsMask

      public int minCallsMask

    • hashSeed

      public boolean hashSeed

    • oid

      public byte[] oid

    • sparse

      public boolean sparse

    • fastFp

      public boolean fastFp

    • polyType

      public int polyType

    • hashAlg

      public Digest hashAlg

  • Constructor Details

    • NTRUEncryptionKeyGenerationParameters

      public NTRUEncryptionKeyGenerationParameters(int N, int q, int df, int dm0, int db, int c, int minCallsR, int minCallsMask, boolean hashSeed, byte[] oid, boolean sparse, boolean fastFp, Digest hashAlg, SecureRandom random)
      Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      Parameters:
      N - number of polynomial coefficients
      q - modulus
      df - number of ones in the private polynomial f
      dm0 - minimum acceptable number of -1's, 0's, and 1's in the polynomial m' in the last encryption step
      db - number of random bits to prepend to the message
      c - a parameter for the Index Generation Function (IndexGenerator)
      minCallsR - minimum number of hash calls for the IGF to make
      minCallsMask - minimum number of calls to generate the masking polynomial
      hashSeed - whether to hash the seed in the MGF first (true) or use the seed directly (false)
      oid - three bytes that uniquely identify the parameter set
      sparse - whether to treat ternary polynomials as sparsely populated (SparseTernaryPolynomial vs DenseTernaryPolynomial)
      fastFp - whether f=1+p*F for a ternary F (true) or f is ternary (false)
      hashAlg - a valid identifier for a java.security.MessageDigest instance such as SHA-256. The MessageDigest must support the getDigestLength() method.
      random - entropy source, if null uses CryptoServicesRegistrar.getSecureRandom()

    • NTRUEncryptionKeyGenerationParameters

      public NTRUEncryptionKeyGenerationParameters(int N, int q, int df, int dm0, int db, int c, int minCallsR, int minCallsMask, boolean hashSeed, byte[] oid, boolean sparse, boolean fastFp, Digest hashAlg)
      Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      Parameters:
      N - number of polynomial coefficients
      q - modulus
      df - number of ones in the private polynomial f
      dm0 - minimum acceptable number of -1's, 0's, and 1's in the polynomial m' in the last encryption step
      db - number of random bits to prepend to the message
      c - a parameter for the Index Generation Function (IndexGenerator)
      minCallsR - minimum number of hash calls for the IGF to make
      minCallsMask - minimum number of calls to generate the masking polynomial
      hashSeed - whether to hash the seed in the MGF first (true) or use the seed directly (false)
      oid - three bytes that uniquely identify the parameter set
      sparse - whether to treat ternary polynomials as sparsely populated (SparseTernaryPolynomial vs DenseTernaryPolynomial)
      fastFp - whether f=1+p*F for a ternary F (true) or f is ternary (false)
      hashAlg - a valid identifier for a java.security.MessageDigest instance such as SHA-256. The MessageDigest must support the getDigestLength() method.

    • NTRUEncryptionKeyGenerationParameters

      public NTRUEncryptionKeyGenerationParameters(int N, int q, int df1, int df2, int df3, int dm0, int db, int c, int minCallsR, int minCallsMask, boolean hashSeed, byte[] oid, boolean sparse, boolean fastFp, Digest hashAlg, SecureRandom random)
      Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
      Parameters:
      N - number of polynomial coefficients
      q - modulus
      df1 - number of ones in the private polynomial f1
      df2 - number of ones in the private polynomial f2
      df3 - number of ones in the private polynomial f3
      dm0 - minimum acceptable number of -1's, 0's, and 1's in the polynomial m' in the last encryption step
      db - number of random bits to prepend to the message
      c - a parameter for the Index Generation Function (IndexGenerator)
      minCallsR - minimum number of hash calls for the IGF to make
      minCallsMask - minimum number of calls to generate the masking polynomial
      hashSeed - whether to hash the seed in the MGF first (true) or use the seed directly (false)
      oid - three bytes that uniquely identify the parameter set
      sparse - whether to treat ternary polynomials as sparsely populated (SparseTernaryPolynomial vs DenseTernaryPolynomial)
      fastFp - whether f=1+p*F for a ternary F (true) or f is ternary (false)
      hashAlg - a valid identifier for a java.security.MessageDigest instance such as SHA-256
      random - entropy source, if null uses CryptoServicesRegistrar.getSecureRandom()

    • NTRUEncryptionKeyGenerationParameters

      public NTRUEncryptionKeyGenerationParameters(int N, int q, int df1, int df2, int df3, int dm0, int db, int c, int minCallsR, int minCallsMask, boolean hashSeed, byte[] oid, boolean sparse, boolean fastFp, Digest hashAlg)
      Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT). Uses CryptoServicesRegistrar.getSecureRandom() as an entropy source.
      Parameters:
      N - number of polynomial coefficients
      q - modulus
      df1 - number of ones in the private polynomial f1
      df2 - number of ones in the private polynomial f2
      df3 - number of ones in the private polynomial f3
      dm0 - minimum acceptable number of -1's, 0's, and 1's in the polynomial m' in the last encryption step
      db - number of random bits to prepend to the message
      c - a parameter for the Index Generation Function (IndexGenerator)
      minCallsR - minimum number of hash calls for the IGF to make
      minCallsMask - minimum number of calls to generate the masking polynomial
      hashSeed - whether to hash the seed in the MGF first (true) or use the seed directly (false)
      oid - three bytes that uniquely identify the parameter set
      sparse - whether to treat ternary polynomials as sparsely populated (SparseTernaryPolynomial vs DenseTernaryPolynomial)
      fastFp - whether f=1+p*F for a ternary F (true) or f is ternary (false)
      hashAlg - a valid identifier for a java.security.MessageDigest instance such as SHA-256

    • NTRUEncryptionKeyGenerationParameters

      public NTRUEncryptionKeyGenerationParameters(InputStream is) throws IOException
      Reads a parameter set from an input stream.
      Parameters:
      is - an input stream
      Throws:
      IOException

  • Method Details