A Lattice Attack on Homomorphic NTRU with Non-invertible Public Keys
In 2011, Stehlé and Steinfeld modified the original NTRU to obtain a provably IND-CPA secure NTRU under the hardness assumption of standard worst-case problems over ideal lattices. In 2012, López-Alt et al. proposed the first multikey fully homomorphic encryption scheme based on the IND-CPA secure NTRU. Interestingly, this homomorphic NTRU and subsequent homomorphic variants of NTRU removed the condition ‘invertible public key’ of the underlying IND-CPA secure NTRU. In this paper, we investigate the security impact of using a non-invertible public key in the homomorphic NTRU. As a result, we show how to mount a lattice attack for message recovery on the homomorphic NTRU when the public key is non-invertible. Our result suggests that using invertible public keys in the homomorphic NTRU is necessary for its security.
Keywords: NTRU, Homomorphic NTRU, IND-CPA security, Lattices, LLL algorithm
Hyang-Sook Lee and Seongan Lim were supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2015R1A2A1A15054564). Seongan Lim was also supported by Basic Science Research Program through the NRF funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2016R1D1A1B01008562). Ikkwon Yie was supported by Basic Science Research Program through the NRF funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2017R1D1A1B03034721).
- 2. Ajtai, M.: The shortest vector problem in \(L_2\) is NP-hard for randomized reductions. In: STOC 1998, pp. 10–19 (1998)
- 5. Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Cryptology ePrint Archive, Report 2016/139 (2016)
- 8. López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: STOC 2012, pp. 1219–1234 (2012)
- 11. Security Innovation: NTRU PKCS Tutorial. https://www.securityinnovation.com