A Lattice Attack on Homomorphic NTRU with Non-invertible Public Keys

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)


In 2011, Stehlé and Steinfeld modified the original NTRU to get a provably IND-CPA secure NTRU under the hardness assumption of standard worst-case problems over ideal lattices. In 2012, López-Alt et al. proposed the first multikey fully homomorphic encryption scheme based on the IND-CPA secure NTRU. Interestingly, this homomorphic NTRU and subsequent homomorphic variants of NTRU removed the condition ‘invertible public key’ of the underlying IND-CPA secure NTRU. In this paper, we investigate the security influence of using non-invertible public key in the homomorphic NTRU. As a result, we present how to mount a lattice attack to message recovery for the homomorphic NTRU when the public key is non-invertible. Our result suggests that using invertible public keys in the homomorphic NTRU is necessary for its security.


NTRU Homomorphic NTRU IND-CPA security Lattices LLL algorithm 



Hyang-Sook Lee and Seongan Lim were supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2015R1A2A1A15054564). Seongan Lim was also supported by Basic Science Research Program through the NRF funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2016R1D1A1B01008562). Ikkwon Yie was supported by Basic Science Research Program through the NRF funded by the Ministry of Science, ICT and Future Planning (Grant Number: 2017R1D1A1B03034721).


  1. 1.
    Albrecht, M., Bai, S., Ducas, L.: A subfield lattice attack on overstretched NTRU assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 153–178. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_6CrossRefGoogle Scholar
  2. 2.
    Ajtai, M.: The shortest vector problem in \(L_2\) is NP-hard for randomized reductions. In: STOC 1998, pp. 10–19 (1998)Google Scholar
  3. 3.
    Bos, J.W., Lauter, K., Loftus, J., Naehrig, M.: Improved security for a ring-based fully homomorphic encryption scheme. In: Proceedings of IMA International Conference 2013, pp. 45–64 (2013)CrossRefGoogle Scholar
  4. 4.
    Bremner, M.R.: Lattice Basis Reduction-An Introduction to the LLL Algorithm and its Applications. CRC Press, Boca Raton (2012)MATHGoogle Scholar
  5. 5.
    Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Cryptology ePrint Archive, Report 2016/139 (2016)Google Scholar
  6. 6.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0054868CrossRefGoogle Scholar
  7. 7.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mahtematische Ann. 261, 513–534 (1982)MathSciNetMATHGoogle Scholar
  8. 8.
    Lopez-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multyparty computation on the cloud via multikey fully homomorphic encryption. In: STOC 2012, pp. 1219–1234 (2012)Google Scholar
  9. 9.
    Rohloff, K., Cousins, D.B.: A scalable implementation of fully homomorphic encryption built on NTRU. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 221–234. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44774-1_18CrossRefGoogle Scholar
  10. 10.
    Stehlé, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27–47. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_4CrossRefGoogle Scholar
  11. 11.
    Security Inovation: NTRU PKCS Tutorial. https://www.securityinnovation.com

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of MathematicsEwha Womans UniversitySeoulKorea
  2. 2.Institute of Mathematical SciencesEwha Womans UniversitySeoulKorea
  3. 3.Department of MathematicsInha UniversityIncheonKorea

Personalised recommendations