Provably Secure NTRUEncrypt over More General Cyclotomic Rings

NTRUEncrypt is a fast and standardized lattice-based public key encryption scheme, but it lacks a solid security guarantee. In 2011, Stehlé and Steinfeld first proposed a provably secure variant of NTRUEncrypt, denoted by pNE, over power-of-2 cyclotomic rings. The IND-CPA security of pNE is based on the worst-case quantum hardness of classical problems over ideal lattices. Recently, Yu, Xu and Wang constructed a pNE variant over prime cyclotomic rings, but it requires the parameters to be of rather larger sizes. In this paper, working with canonical embedding, we modify the key generation algorithm of pNE scheme to make it applicable to general cyclotomic rings and provide asymptotical parameters of pNE over prime power cyclotomic rings. In particular, our result allows tighter parameters for prime cyclotomic rings and improves the existing result. Furthermore, we also discuss a generalization to more general polynomial rings and point out several attributes that affect the selection of parameters. This discussion may be of some value in choosing the underlying ring for cryptographic applications.

[1]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[2]  Adi Shamir,et al.  Lattice Attacks on NTRU , 1997, EUROCRYPT.

[3]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[4]  Chris Peikert,et al.  A Toolkit for Ring-LWE Cryptography , 2013, IACR Cryptol. ePrint Arch..

[5]  Ron Steinfeld,et al.  Making NTRU as Secure as Worst-Case Problems over Ideal Lattices , 2011, EUROCRYPT.

[6]  Léo Ducas,et al.  Ring-LWE in Polynomial Rings , 2012, IACR Cryptol. ePrint Arch..

[7]  J. Cheon,et al.  An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero , 2016, LMS J. Comput. Math..

[8]  Nick Howgrave-Graham,et al.  A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU , 2007, CRYPTO.

[9]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[10]  Chris Peikert,et al.  Limits on the Hardness of Lattice Problems in ℓp Norms , 2008, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[11]  Triantafyllos Xylouris On Linnik's constant , 2009, 0906.2749.

[12]  William Whyte,et al.  NTRUSIGN: Digital Signatures Using the NTRU Lattice , 2003, CT-RSA.

[13]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[14]  Tanja Lange,et al.  NTRU Prime: Reducing Attack Surface at Low Cost , 2017, SAC.

[15]  Matti Jutila On Linnik's constant. , 1977 .

[16]  Pierre-Alain Fouque,et al.  Revisiting Lattice Attacks on Overstretched NTRU Parameters , 2017, EUROCRYPT.

[17]  Ron Steinfeld,et al.  Making NTRUEncrypt and NTRUSign as Secure as Standard Worst-Case Problems over Ideal Lattices , 2013, IACR Cryptol. ePrint Arch..

[18]  Erdem Alkim,et al.  Post-quantum Key Exchange - A New Hope , 2016, USENIX Security Symposium.

[19]  Damien Stehlé,et al.  CRYSTALS - Dilithium: Digital Signatures from Module Lattices , 2017, IACR Cryptol. ePrint Arch..

[20]  Chris Peikert,et al.  Limits on the Hardness of Lattice Problems in ell _p Norms , 2007, CCC.

[21]  Damien Stehlé,et al.  Worst-case to average-case reductions for module lattices , 2014, Designs, Codes and Cryptography.

[22]  Johannes A. Buchmann,et al.  On the Efficiency of Provably Secure NTRU , 2014, PQCrypto.

[23]  Martin R. Albrecht,et al.  A Subfield Lattice Attack on Overstretched NTRU Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes , 2016, CRYPTO.

[24]  Phong Q. Nguyen,et al.  Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures , 2006, EUROCRYPT.

[25]  Ronald Cramer,et al.  Short Stickelberger Class Relations and Application to Ideal-SVP , 2016, EUROCRYPT.

[26]  Craig Gentry,et al.  Discrete Gaussian Leftover Hash Lemma over Infinite Domains , 2013, ASIACRYPT.

[27]  Yang Yu,et al.  Provably Secure NTRU Instances over Prime Cyclotomic Rings , 2017, Public Key Cryptography.

[28]  Léo Ducas,et al.  Efficient Identity-Based Encryption over NTRU Lattices , 2014, ASIACRYPT.

[29]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[30]  Michael Naehrig,et al.  Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme , 2013, IMACC.

[31]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[32]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[33]  Nicolas Gama,et al.  New Chosen-Ciphertext Attacks on NTRU , 2007, Public Key Cryptography.

[34]  Daniele Micciancio Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions , 2007, computational complexity.

[35]  RegevOded On lattices, learning with errors, random linear codes, and cryptography , 2009 .

[36]  Damien Stehlé,et al.  CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM , 2017, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[37]  LangloisAdeline,et al.  Worst-case to average-case reductions for module lattices , 2015 .

[38]  Ron Steinfeld,et al.  GGHLite: More Efficient Multilinear Maps from Ideal Lattices , 2014, IACR Cryptol. ePrint Arch..

[39]  Craig Gentry Key Recovery and Message Attacks on NTRU-Composite , 2001, EUROCRYPT.

[40]  Ron Steinfeld,et al.  NTRUCCA: How to Strengthen NTRUEncrypt to Chosen-Ciphertext Security in the Standard Model , 2012, Public Key Cryptography.

[41]  Chris Peikert,et al.  Pseudorandomness of ring-LWE for any ring and modulus , 2017, STOC.

[42]  Léo Ducas,et al.  Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures , 2012, ASIACRYPT.

[43]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[44]  Vinod Vaikuntanathan,et al.  On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption , 2012, STOC '12.

[45]  Antoine Joux,et al.  A Chosen-Ciphertext Attack against NTRU , 2000, CRYPTO.