An Algorithm for NTRU Problems and Cryptanalysis of the GGH Multilinear Map without an encoding of zero

Let h and g be polynomials of bounded Euclidean norm in the ring Z[X]/⟨X+1⟩. Given a polynomial [h/g]q ∈ Zq[X]/⟨X+1⟩, the NTRU problem is to find a, b ∈ Z[X]/⟨X + 1⟩ with small Euclidean norm such that [a/b]q = [h/g]q. We propose an algorithm to solve the NTRU problem which runs in 2 2 q) time when ∥g∥, ∥h∥ and ∥g⁻¹∥ are in some range. The main technique of our algorithm is to reduce a problem on a field to one in a subfield. Recently, the GGH scheme, the first candidate of an (approximate) multilinear map, was shown to be insecure by the Hu-Jia attack using encodings of zero, but no polynomial-time attack was known without them. Our algorithm can be directly applied to construct level-0 encodings of zero, and can thus be used to attack the GGH scheme without encodings of zero in time polynomial in its security parameter.
