Provably Secure NTRU Instances over Prime Cyclotomic Rings

Yu, Yang; Xu, Guoqing; Wang, Xiaoyun

doi:10.1007/978-3-662-54365-8_17

Cited by 23 publications

(29 citation statements)

References 34 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…NTRU variants working with different rings. An NTRU variant that works with polynomials with prime cyclotomic rings was proposed in [35]. A variant of NTRU working with non-invertible polynomials was proposed in [22].…”

Section: Review Of Known Ntru Variantsmentioning

confidence: 99%

“…NTRU and its known variants [7,8,[19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38], shown in Section 2, work with degree N polynomials. The main problem NTRU faces is that it is susceptible to the lattice basis reduction attack (LBRA) using the Gaussian lattice reduction (GLR) algorithm for two-dimensional lattices and the LLL algorithm for higher dimensions [39].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

Ibrahim

Chefranov

Hamad

et al. 2020

Sensors

View full text Add to dashboard Cite

Wireless sensor networks (WSNs) are the core of the Internet of Things and require cryptographic protection. Cryptographic methods for WSN should be fast and consume low power as these networks rely on battery-powered devices and microcontrollers. NTRU, the fastest and secure public key cryptosystem, uses high degree, N, polynomials and is susceptible to the lattice basis reduction attack (LBRA). Congruential public key cryptosystem (CPKC), proposed by the NTRU authors, works on integers modulo q and is easily attackable by LBRA since it uses small numbers for the sake of the correct decryption. Herein, RCPKC, a random congruential public key cryptosystem working on degree N=0 polynomials modulo q, is proposed, such that the norm of a two-dimensional vector formed by its private key is greater than q. RCPKC works as NTRU, and it is a secure version of insecure CPKC. RCPKC specifies a range from which the random numbers shall be selected, and it provides correct decryption for valid users and incorrect decryption for an attacker using LBRA by Gaussian lattice reduction. RCPKC asymmetric encryption padding (RAEP), similar to its NTRU analog, NAEP, is IND-CCA2 secure. Due to the use of big numbers instead of high degree polynomials, RCPKC is about 27 times faster in encryption and decryption than NTRU. Furthermore, RCPKC is more than three times faster than the most effective known NTRU variant, BQTRU. Compared to NTRU, RCPKC reduces energy consumption at least thirty times, which allows increasing the life-time of unattended WSNs more than thirty times.

show abstract

Section: Review Of Known Ntru Variantsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

Ibrahim

Chefranov

Hamad

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…2011 年, Stehlé 和 Steinfeld [65] 在形如 Z[x]/(x 2 m + 1) 的环上建立了可证明安全的 NTRU, 这个构造的抗量子性质目前也受到关注. 在更一般分圆环上可证明安全的 NTRU 的构造由 Yu 等 [66] 、Wang 和 Wang [67] 给出.…”

Section: Ntruunclassified

Computational aspects of lattices and their cryptographic applications

Xu¹,

Wang²

2020

Sci. Sin.-Math.

View full text Add to dashboard Cite

Stratification structures on a kind of completely distributive lattices and their applications in theory of topological molecular lattices Chinese Science Bulletin 42, 988 (1997); Lattices, Diophantine equations and applications to rational surfaces SCIENCE CHINA Mathematics 55, 1189 (2012); Tight-binding models for ultracold atoms in optical lattices: general formulation and applications SCIENCE CHINA Physics, Mechanics & Astronomy 59, 660001 (2016); New direction of computational fluid dynamics and its applications in industry

show abstract

“…The RLWE represents an algebraic variant of the LWE [21] , whose hardness can be reduced to the hardness of the worstcase problems on ideal lattices in the standard model. However, recently, it has been shown that subfield attacks [22][23][24][25] affected the asymptotic security of NTRUtype schemes for large moduli q: Yu et al [26,27] considered a variant of NTRU encrypt over prime cyclotomic rings and obtained the INDistinguish-ability under Chosen-Plaintext Attack (IND-CPA) secure results in the standard model assuming the hardness of the worstcase problems on ideal lattices, which was shown to be a good choice to resist the subfield attacks.…”

Section: Introductionmentioning

confidence: 99%

Modified multi-key fully homomorphic encryption based on NTRU cryptosystem without key-switching

Che

Zhou

et al. 2020

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

The Multi-Key Fully Homomorphic Encryption (MKFHE) based on the NTRU cryptosystem is an important alternative to the post-quantum cryptography due to its simple scheme form, high efficiency, and fewer ciphertexts and keys. In 2012, López-Alt et al. proposed the first NTRU-type MKFHE scheme, the LTV12 scheme, using the key-switching and modulus-reduction techniques, whose security relies on two assumptions: the Ring Learning With Error (RLWE) assumption and the Decisional Small Polynomial Ratio (DSPR) assumption. However, the LTV12 and subsequent NTRU-type schemes are restricted to the family of power-of-2 cyclotomic rings, which may affect the security in the case of subfield attacks. Moreover, the key-switching technique of the LTV12 scheme requires a circular application of evaluation keys, which causes rapid growth of the error and thus affects the circuit depth. In this paper, an NTRU-type MKFHE scheme over prime cyclotomic rings without key-switching is proposed, which has the potential to resist the subfield attack and decrease the error exponentially during the homomorphic evaluating process. First, based on the RLWE and DSPR assumptions over the prime cyclotomic rings, a detailed analysis of the factors affecting the error during the homomorphic evaluations in the LTV12 scheme is provided. Next, a Low Bit Discarded & Dimension Expansion of Ciphertexts (LBD&DEC) technique is proposed, and the inherent homomorphic multiplication decryption structure of the NTRU is proposed, which can eliminate the key-switching operation in the LTV12 scheme. Finally, a leveled NTRU-type MKFHE scheme is developed using the LBD&DEC and modulus-reduction techniques. The analysis shows that the proposed scheme compared to the LTV12 scheme can decrease the magnitude of the error exponentially and minimize the dimension of ciphertexts.

show abstract

Provably Secure NTRU Instances over Prime Cyclotomic Rings

Cited by 23 publications

References 34 publications

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

Computational aspects of lattices and their cryptographic applications

Modified multi-key fully homomorphic encryption based on NTRU cryptosystem without key-switching

Contact Info

Product

Resources

About