
Provably Secure NTRUEncrypt over Any Cyclotomic Field

  • Yang Wang
  • Mingqiang Wang (corresponding author)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)

Abstract

NTRUEncrypt is generally recognized as one of the candidate encryption schemes for post-quantum cryptography, due to its moderate key sizes, remarkable performance and potential resistance to quantum computers. However, the previous provably secure variants of NTRUEncrypt are only based on prime-power cyclotomic rings. Whether there are provably secure NTRUEncrypt schemes over more general algebraic number fields has remained an open problem. In this paper, we answer this question and present a new provably IND-CPA secure NTRUEncrypt over any cyclotomic field. The security of our scheme is reduced to a variant of the learning with errors problem over rings (Ring-LWE). More precisely, the security of our scheme is based on the worst-case approximate shortest independent vectors problem (SIVP\(_\gamma\)) over ideal lattices. We prove that, once the field is fixed, the bounds on the reduction parameter \(\gamma\) and the modulus q in our scheme depend less on the choice of plaintext space. As a result, our scheme offers more flexibility in the choice of plaintext space, with higher efficiency, under a stronger security assumption. Furthermore, the probability that the decryption algorithm of our scheme fails to recover the correct plaintext is much smaller than in previous works.
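
The abstract speaks of NTRUEncrypt "over any cyclotomic field", of the plaintext space, and of the decryption-failure probability. The following Python is an added worked example, not code from the paper: it models the Stehlé–Steinfeld style of NTRUEncrypt that this line of work generalises (public key h = g/f mod q with f ≡ 1 mod p, ciphertext c = p(hs + e) + M, decryption f·c mod q then mod p), instantiated over an arbitrary cyclotomic ring Z[x]/(Φ_m(x)) rather than only over x^n + 1 or 1 + x + ... + x^{p-1}. The conductor m = 15 = 3·5 is a non-prime-power case of the kind the abstract says earlier reductions did not cover. The ternary key and noise sampling (the paper uses discrete Gaussians), p = 3, q = 1 000 003 and the `noise` helper are toy assumptions of this example, chosen so that a reader can see where the decryption-failure condition ‖f·c‖∞ ≤ (q−1)/2 enters; the paper's actual parameter bounds and security proof are not reproduced here.

```python
"""Toy Stehle-Steinfeld-style NTRUEncrypt over Z_q[x]/(Phi_m(x)) for any conductor m.
Added illustration, not the paper's scheme, parameters or code; all values are toy choices."""
import random

def poly_mul(a, b):               # schoolbook product, coefficient lists lowest degree first
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out

def trim(a):                      # drop high-degree zeros, keep at least one coefficient
    a = list(a)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a or [0]

def exact_div(a, b):              # integer quotient a / b for monic b; remainder must vanish
    a, quot = list(a), [0] * (len(a) - len(b) + 1)
    for i in range(len(a) - len(b), -1, -1):
        quot[i] = c = a[i + len(b) - 1]
        for j, bj in enumerate(b):
            a[i + j] -= c * bj
    assert not any(a), "not an exact division"
    return quot

def cyclotomic(m):                # Phi_m(x) from x^m - 1 = prod_{d | m} Phi_d(x)
    poly = [-1] + [0] * (m - 1) + [1]
    for d in range(1, m):
        if m % d == 0:
            poly = exact_div(poly, cyclotomic(d))
    return poly

def reduce_mod(poly, phi, q=None):  # reduce mod the monic Phi_m over Z, then mod q if given
    n = len(phi) - 1
    a = list(poly) + [0] * max(0, n - len(poly))
    for i in range(len(a) - 1, n - 1, -1):     # eliminate x^i for i >= n, highest first
        c = a[i]
        for j, pj in enumerate(phi):
            a[i - n + j] -= c * pj
    return a[:n] if q is None else [c % q for c in a[:n]]

def center(a, q):                 # representatives in [-(q-1)/2, (q-1)/2] for odd q
    return [(c + q // 2) % q - q // 2 for c in a]

def polydiv_q(a, b, q):           # division with remainder in GF(q)[x], q prime
    a, b = [c % q for c in a], trim(b)
    inv, quot = pow(b[-1], -1, q), [0] * max(1, len(a) - len(b) + 1)
    for i in range(len(a) - len(b), -1, -1):
        quot[i] = c = a[i + len(b) - 1] * inv % q
        for j, bj in enumerate(b):
            a[i + j] = (a[i + j] - c * bj) % q
    return quot, trim(a[:len(b) - 1])

def ring_inverse(f, phi, q):      # f^-1 in GF(q)[x]/(Phi_m) by extended Euclid; None if f is not a unit
    r0, r1, s0, s1 = [c % q for c in phi], trim([c % q for c in f]), [0], [1]
    while r1 != [0]:                            # invariant: r_i = s_i * f  (mod Phi_m, q)
        quot, rem = polydiv_q(r0, r1, q)
        prod = poly_mul(quot, s1) + [0] * len(s0)
        s0, s1 = s1, trim([(x - y) % q for x, y in zip(s0 + [0] * len(prod), prod)])
        r0, r1 = r1, rem
    if len(r0) != 1:                            # gcd has positive degree
        return None
    return reduce_mod([pow(r0[0], -1, q) * c for c in s0], phi, q)

def small_poly(rng, n):           # ternary coefficients: toy stand-in for the paper's Gaussian samples
    return [rng.choice((-1, 0, 1)) for _ in range(n)]

def keygen(rng, phi, p, q):       # secret f = 1 + p*f' (so f = 1 mod p) and g; public h = g/f mod q
    n = len(phi) - 1
    while True:
        f = [p * c + (1 if i == 0 else 0) for i, c in enumerate(small_poly(rng, n))]
        f_inv = ring_inverse(f, phi, q)
        if f_inv is not None:
            break
    g = small_poly(rng, n)
    return (f, g), reduce_mod(poly_mul(g, f_inv), phi, q)

def encrypt(h, msg, s, e, phi, p, q):  # c = p*(h*s + e) + M mod q; fresh small s, e from the caller
    hs = reduce_mod(poly_mul(h, s), phi, q)
    return [(p * (x + y) + mu) % q for x, y, mu in zip(hs, e, msg)]

def decrypt(sk, c, phi, p, q):
    fc = center(reduce_mod(poly_mul(sk[0], c), phi, q), q)  # = p*(g*s + f*e) + f*M if no wrap-around
    return center([x % p for x in fc], p)                   # f = 1 mod p, so this is M

def noise(sk, s, e, msg, phi, p):  # exact integer f*c = p*(g*s + f*e) + f*M; decryption is correct
    f, g = sk                      # iff its infinity norm is at most (q-1)/2
    terms = zip(poly_mul(g, s), poly_mul(f, e), poly_mul(f, msg))
    return reduce_mod([p * (x + y) + z for x, y, z in terms], phi)

def demo(m=15, p=3, q=1_000_003, seed=1):  # round trip over Q(zeta_15): m = 3*5 is not a prime power
    rng, phi = random.Random(seed), cyclotomic(m)
    n = len(phi) - 1                                        # n = phi(15) = 8
    sk, pk = keygen(rng, phi, p, q)
    msg, s, e = (small_poly(rng, n) for _ in range(3))
    c = encrypt(pk, msg, s, e, phi, p, q)
    norm = max(abs(x) for x in noise(sk, s, e, msg, phi, p))
    return {"n": n, "recovered": decrypt(sk, c, phi, p, q) == msg, "noise_norm": norm, "half_q": q // 2}
```

Running `demo()` (Python 3.8 or later, for the three-argument `pow`) performs key generation, encryption and decryption over Z[x]/(Φ_15(x)) and reports the exact infinity norm of f·c next to (q−1)/2; the gap between the two is the margin against decryption failure that the abstract's parameter bounds are about. Because Φ_15 = x^8 − x^7 + x^5 − x^4 + x^3 − x + 1 is neither x^n + 1 nor 1 + x + ... + x^{p−1}, reduction modulo it mixes coefficients and inflates the noise, which is exactly why the canonical embedding rather than the coefficient embedding is used to bound it in this line of work; changing `m` to any other conductor exercises the same code path.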

Keywords

NTRU · Ideal lattices · Canonical embedding · Cyclotomic fields · Ring-LWE

Notes

Acknowledgement

We would like to express our gratitude to Bin Guan and Yang Yu for helpful discussions. We also thank the anonymous SAC’18 reviewers for their valuable comments and suggestions. The authors are supported by National Cryptography Development Fund (Grant No. MMJJ20180210), NSFC Grant 61832012, NSFC Grant 61672019 and the Fundamental Research Funds of Shandong University (Grant No. 2016JC029).


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. School of Mathematics, Shandong University, Jinan, China
