I am looking at implementing NTRU, but I noticed that while the encryption/decry

Question

I am looking at implementing NTRU, but I noticed that while the encryption/decryption algorithm seems to be mature and well-documented, there is comparatively little information about how to sign using NTRU (and the proposed method apparently leaks information about the private key).

My question is, why can't I just sign in the same way one would sign an RSA message, i.e. the sender "decrypts" a known quantity using his private key, so that the recipient can "encrypt" the signature and easily verify it? (With any required padding of course.)

Are there any flaws in doing this?

Explanation / Answer

That's not possible. It just so happens that this works with RSA because of the unique properties of RSA, but the majority of other asymmetric schemes just don't happen to work this way. For other schemes, the signature and encryption algorithms can be completely different and there may be no way to "encrypt" with the private key or "sign" with the public key.
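
As an added illustration (not part of the original answer), the sketch below contrasts textbook RSA with a toy NTRU instance: RSA's private operation is a permutation of Z_n, while "decrypting" a hash under NTRU yields a value that no choice of blinding polynomial re-encrypts to that hash. All parameters, keys and function names are constructed for this example, the toy ring uses a prime modulus to keep inversion simple, and none of it is secure.

```python
import hashlib
from itertools import product

N, P, Q = 7, 3, 257                    # constructed toy ring Z_Q[x]/(x^N - 1), insecure
F = [0, 1, -1, 0, 1, 0, -1]            # constructed toy private polynomials
g = [1, 0, -1, 1, 0, -1, 0]
f = [(i == 0) + P * c for i, c in enumerate(F)]   # f = 1 + P*F, so f = 1 (mod P)
RSA_N, RSA_E, RSA_D = 3233, 17, 2753   # textbook toy RSA key (61 * 53)

def conv(a, b):
    """Multiply in Z_Q[x]/(x^N - 1) (cyclic convolution)."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] = (out[(i + j) % N] + ai * bj) % Q
    return out

def center(a, mod):                    # lift coefficients to representatives nearest zero
    return [(c + mod // 2) % mod - mod // 2 for c in a]

def invert(a):
    """Inverse in the ring by Gauss-Jordan on the circulant matrix (Q is prime)."""
    rows = [[a[(i - j) % N] % Q for j in range(N)] + [int(i == 0)] for i in range(N)]
    for col in range(N):
        piv = next(r for r in range(col, N) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, Q)
        rows[col] = [v * inv % Q for v in rows[col]]
        for r in range(N):
            k = rows[r][col] if r != col else 0
            rows[r] = [(v - k * w) % Q for v, w in zip(rows[r], rows[col])]
    return [row[N] for row in rows]

h = conv(invert(f), g)                 # public key h = f^-1 * g (mod Q)

def encrypt(m, r):                     # c = P*r*h + m, with r a random small blinding value
    return [(P * x + y) % Q for x, y in zip(conv(r, h), m)]
def decrypt(c):                        # m = center(f*c mod Q) mod P, valid because f = 1 mod P
    return center([v % P for v in center(conv(f, c), Q)], P)

def ntru_decrypt_then_encrypt_verifies(msg):
    """'Sign' a hash by decrypting it; accept if any blinding r re-encrypts to it."""
    t = [b % Q for b in hashlib.sha256(msg).digest()[:N]]
    s = decrypt(t)
    return any(encrypt(s, r) == t for r in product((-1, 0, 1), repeat=N))

def rsa_decrypt_then_encrypt_verifies():
    """RSA's private operation is a permutation, so every value in Z_n round-trips."""
    return all(pow(pow(x, RSA_D, RSA_N), RSA_E, RSA_N) == x for x in range(RSA_N))
```

In this toy ring there are at most 3^14 valid ciphertexts among 257^7 ring elements, so an arbitrary hash has essentially no chance of being one, and the same gap is far larger at real parameter sizes.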