Provably Secure NTRUEncrypt over Any Cyclotomic Field

  • Yang Wang
  • Mingqiang Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)


NTRUEncrypt is generally recognized as one of the candidate encryption schemes for post-quantum cryptography, due to its moderate key sizes, remarkable performance and potential resistance to quantum computers. However, the previous provably secure NTRUEncrypt schemes are only based on prime-power cyclotomic rings, and whether there are provably secure NTRUEncrypt schemes over more general algebraic number fields is still an open problem. In this paper, we answer this question and present a new provably IND-CPA secure NTRUEncrypt over any cyclotomic field. The security of our scheme is reduced to a variant of the learning with errors problem over rings (Ring-LWE); more precisely, it is based on the worst-case approximate shortest independent vectors problem (SIVP\(_\gamma \)) over ideal lattices. We prove that, once the field is fixed, the bounds on the reduction parameter \(\gamma \) and the modulus q in our scheme depend less on the choice of plaintext space. Consequently, our scheme provides more flexibility in the choice of plaintext space, with higher efficiency under a stronger security assumption. Furthermore, the probability that the decryption algorithm of our scheme fails to recover the correct plaintext is much smaller than that of previous works.
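The abstract describes the scheme only through its security reduction. As an added illustration, which is not code from the paper, the Python sketch below implements the provably secure NTRUEncrypt template introduced by Stehlé and Steinfeld (EUROCRYPT 2011), on which this line of work builds (secret f with f ≡ 1 mod p, public key h = p·g/f, ciphertext c = h·s + p·e + M), over an arbitrary cyclotomic ring Z_q[x]/(Φ_m(x)). It computes Φ_m for composite, non-prime-power m (e.g. 15 and 105, the latter being the first index whose cyclotomic polynomial has a coefficient of absolute value 2), inverts f by the extended Euclidean algorithm over F_q, and measures the decryption-failure rate empirically. Uniform ternary polynomials stand in for the discrete Gaussian distributions the security proof requires, and the parameters m, q, p and all function and dictionary-key names are illustrative assumptions of this example, so it shows the ring arithmetic and the correctness condition, not a provably secure parameter set.

```python
"""
Toy NTRUEncrypt over an arbitrary cyclotomic ring R_q = Z_q[x]/(Phi_m(x)).
Added example, not the paper's code: ternary polynomials stand in for discrete
Gaussians, and m, q, p are illustrative.  Decryption relies on
f*c = p*(g*s + f*e) + f*M holding over Z (no wrap-around mod q).
"""
import random
from functools import lru_cache

# Polynomials are integer coefficient lists, index = degree.

def trim(a):
    while len(a) > 1 and a[-1] == 0:
        a = a[:-1]
    return a if a else [0]

def add(a, b):
    n = max(len(a), len(b))
    return trim([(a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0) for i in range(n)])

def mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)

def divmod_poly(a, d, q=None):
    """Long division by d: over Z when q is None (d must be monic), else over F_q."""
    a = list(a) if q is None else [c % q for c in a]
    d = trim(d if q is None else [c % q for c in d])
    inv_lead = 1 if q is None else pow(d[-1], -1, q)
    quot = [0] * max(1, len(a) - len(d) + 1)
    for i in range(len(a) - len(d), -1, -1):
        c = a[i + len(d) - 1] * inv_lead
        c = c if q is None else c % q
        if c:
            quot[i] = c
            for j, dj in enumerate(d):
                a[i + j] -= c * dj
                if q is not None:
                    a[i + j] %= q
    return trim(quot), trim(a[:len(d) - 1] or [0])

@lru_cache(maxsize=None)
def cyclotomic(m):
    """Phi_m(x) = (x^m - 1) / prod_{d | m, d < m} Phi_d(x), computed exactly over Z."""
    num = [-1] + [0] * (m - 1) + [1]
    for d in range(1, m):
        if m % d == 0:
            num, rem = divmod_poly(num, list(cyclotomic(d)))
            assert rem == [0]
    return tuple(num)

def centre(a, q, n):
    """Pad to n coefficients and reduce each into [-(q-1)/2, (q-1)/2] (q odd)."""
    a = [(a[i] if i < len(a) else 0) for i in range(n)]
    return [((c + q // 2) % q) - q // 2 for c in a]

def ring_mul(a, b, phi, q):
    """Product in Z_q[x]/(Phi_m): reduce mod Phi_m over Z first, then centre mod q."""
    return centre(divmod_poly(mul(a, b), phi)[1], q, len(phi) - 1)

def ring_inverse(f, phi, q):
    """f^{-1} in Z_q[x]/(Phi_m) by the extended Euclidean algorithm over F_q, or None."""
    r0, r1 = trim([c % q for c in phi]), trim([c % q for c in f])
    t0, t1 = [0], [1]                      # invariant: t_i * f == r_i (mod Phi_m, q)
    while r1 != [0]:
        quo, rem = divmod_poly(r0, r1, q)
        r0, r1 = r1, rem
        t0, t1 = t1, trim([c % q for c in add(t0, [-c for c in mul(quo, t1)])])
    if len(r0) != 1:                       # gcd has positive degree: f is not a unit
        return None
    inv_c = pow(r0[0], -1, q)
    _, t0 = divmod_poly([c * inv_c for c in t0], phi, q)
    return centre(t0, q, len(phi) - 1)

def small_poly(n, rng):
    """Uniform ternary polynomial (stand-in for the discrete Gaussian sampler)."""
    return [rng.choice((-1, 0, 1)) for _ in range(n)]

def keygen(m, q, p, rng=None):
    """Secret f = p*f' + 1 (so f == 1 mod p), public h = p*g*f^{-1} in R_q."""
    rng = rng or random.Random()
    phi = list(cyclotomic(m))
    n = len(phi) - 1
    while True:                            # resample until f is invertible mod (q, Phi_m)
        f = centre(add(mul([p], small_poly(n, rng)), [1]), q, n)
        f_inv = ring_inverse(f, phi, q)
        if f_inv is not None:
            break
    h = ring_mul(mul([p], small_poly(n, rng)), f_inv, phi, q)
    return {"phi": phi, "n": n, "q": q, "p": p, "h": h, "f": f}

def encrypt(pk, msg, rng=None):
    """c = h*s + p*e + M in R_q with fresh small s, e; msg has coefficients in [0, p)."""
    rng = rng or random.Random()
    s, e = small_poly(pk["n"], rng), small_poly(pk["n"], rng)
    c = add(ring_mul(pk["h"], s, pk["phi"], pk["q"]), add(mul([pk["p"]], e), msg))
    return centre(c, pk["q"], pk["n"])

def decrypt(sk, c):
    """Centred lift of f*c = p*(g*s + f*e) + f*M; mod p removes the p-multiples and,
    since f == 1 mod p, leaves M.  Wrong whenever the lift wraps around mod q."""
    return [x % sk["p"] for x in ring_mul(sk["f"], c, sk["phi"], sk["q"])]

def failure_rate(m, q, p, trials, seed=0):
    """Empirical fraction of random messages that fail to decrypt for (m, q, p)."""
    rng = random.Random(seed)
    keys = keygen(m, q, p, rng)
    bad = 0
    for _ in range(trials):
        msg = [rng.randrange(p) for _ in range(keys["n"])]
        bad += decrypt(keys, encrypt(keys, msg, rng)) != msg
    return bad / trials

if __name__ == "__main__":
    print("Phi_15 =", cyclotomic(15))                     # degree phi(15) = 8
    print("Phi_105 has a coefficient -2:", -2 in cyclotomic(105))
    print("failure rate, m=15 q=12289:", failure_rate(15, 12289, 3, 100))
    print("failure rate, m=15 q=31:   ", failure_rate(15, 31, 3, 100))
```

For m = 15 (n = 8) with ternary secrets and p = 3, every coefficient of p·(g·s + f·e) + f·M is bounded in absolute value by 36·(3 + 12 + 8) = 828, because each x^k mod Φ_15 for 8 ≤ k ≤ 14 has coefficients in {-1, 0, 1}; with q = 12289 the centred lift therefore never wraps and decryption never fails, whereas q = 31 is far below the noise and almost every ciphertext decrypts incorrectly. This is the dependence of q on the noise growth in the ring that the abstract's bounds on q and γ make precise.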


Keywords: NTRU, Ideal lattices, Canonical embedding, Cyclotomic fields, Ring-LWE



We would like to express our gratitude to Bin Guan and Yang Yu for helpful discussions. We also thank the anonymous SAC’18 reviewers for their valuable comments and suggestions. The authors are supported by National Cryptography Development Fund (Grant No. MMJJ20180210), NSFC Grant 61832012, NSFC Grant 61672019 and the Fundamental Research Funds of Shandong University (Grant No. 2016JC029).



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. School of Mathematics, Shandong University, Jinan, China
