A polynomial time algorithm for breaking NTRU encryption with multiple keys

Designs, Codes and Cryptography

Abstract

We present a polynomial time algorithm for breaking NTRU encryption schemes with multiple keys. Our algorithm takes advantage of the specific sampling regime used in NTRU encryption, which samples secret polynomials with a fixed number of coefficients equal to \(1\) and \(-1\). By constructing an equation system on the secret keys, we are able to recover the unique secret key when \(n\) keys sharing a common denominator are given for an extension degree \(n\). This result shows that NTRU encryption schemes with multiple keys can be broken in time polynomial in \(n\).

Notes

  1. We focus exclusively on the NTRU-HPS parameter regime in our experimental analysis since it aligns with the parameter setup required in this paper, as defined in [11]. While there exists another parameter regime called NTRU-HRSS, it is not relevant to our work.

References

  1. Agrawal S., Pellet-Mary A.: Indistinguishability obfuscation without maps: attacks and fixes for noisy linear FE. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 110–140 (2020).

  2. Agrawal S.: Indistinguishability obfuscation without multilinear maps: new methods for bootstrapping and instantiation. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 191–225 (2019).

  3. Albrecht M.R., Cocis C., Laguillaumie F., Langlois A.: Implementing candidate graded encoding schemes from ideal lattices. In: Asiacrypt 2015, vol. 9453. Springer, New York (2015).

  4. Albrecht M., Bai S., Ducas L.: A subfield lattice attack on overstretched NTRU assumptions. In: Annual Cryptology Conference. Springer, New York, pp. 153–178 (2016).

  5. Ananth P., Jain A., Jin Z., Malavolta G.: Multi-key fully-homomorphic encryption in the plain model. In: Theory of Cryptography Conference. Springer, New York, pp. 28–57 (2020).

  6. Arora S., Ge R.: New algorithms for learning in presence of errors. In: International Colloquium on Automata, Languages, and Programming. Springer, New York, pp. 403–415 (2011).

  7. Bernstein D.J., Chuengsatiansup C., Lange T., van Vredendaal C.: NTRU prime: reducing attack surface at low cost. In: International Conference on Selected Areas in Cryptography. Springer, New York, pp. 235–260 (2017).

  8. Bernstein D.J., Chuengsatiansup C., Lange T., van Vredendaal C.: NTRU Prime: round 3. In: Submission to the NIST PQC Standardization Process. https://ntruprime.cr.yp.to (2020).

  9. Bos J.W., Lauter K.E., Loftus J., Naehrig M.: Improved security for a ring-based fully homomorphic encryption scheme. In: IMA International Conference. Springer, New York, pp. 45–64 (2013).

  10. Che X., Zhou T., Li N., Zhou H., Chen Z., Yang X.: Modified multi-key fully homomorphic encryption based on NTRU cryptosystem without key-switching. Tsinghua Sci. Technol. 25(5), 564–578 (2020).

  11. Chen C., Danba O., Hoffstein J., Hulsing A., Rijneveld J., Schanck J.M., Schwabe P., Whyte W., Zhang Z.: NTRU: algorithm specifications and supporting documentation. https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions (2019).

  12. Cheon J.H., Jeong J., Lee C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS J. Comput. Math. 19(1), 255–266 (2016).

  13. Chongchitmate W., Ostrovsky R.: Circuit-private multi-key FHE. In: IACR International Workshop on Public Key Cryptography. Springer, New York, pp. 241–270 (2017).

  14. Peikert C.: A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 10(4), 283–424 (2016).

  15. Developers Sage: SageMath, the Sage Mathematics Software System (Version 9.5.2). https://www.sagemath.org (2020).

  16. Doröz Y., Yin H., Sunar B.: Homomorphic AES evaluation using the modified LTV scheme. Des. Codes Cryptogr. 80(2), 333–358 (2016).

  17. Ducas L., Durmus A., Lepoint T., Lyubashevsky V.: Lattice signatures and bimodal Gaussians. In: Advances in Cryptology–CRYPTO 2013. Springer, New York, pp. 40–56 (2013).

  18. Ducas L., Lyubashevsky V., Prest T.: Efficient identity-based encryption over NTRU lattices. In: International Conference on the Theory and Application of Cryptology and Information Security. Springer, New York, pp. 22–41 (2014).

  19. Ducas L., van Woerden W.: NTRU fatigue: how stretched is overstretched? In: Advances in Cryptology–ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, Proceedings, Part IV 27. Springer, New York, pp. 3–32 (2021).

  20. Garg S., Gentry C., Halevi S.: Candidate multilinear maps from ideal lattices. EUROCRYPT 2013, 1–17 (2013).

  21. Gentry C., Szydlo M.: Cryptanalysis of the revised NTRU signature scheme. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 299–320 (2002).

  22. Hoffstein J., Pipher J., Silverman J.H.: NTRU: a ring-based public key cryptosystem. In: Algorithmic number theory. Springer, New York, pp. 267–288 (1998).

  23. Hoffstein J., Howgrave-Graham N., Pipher J., Silverman J.H., Whyte W.: NTRUSIGN: digital signatures using the NTRU lattice. In: Topics in Cryptology–CT-RSA 2003. Springer, New York, pp. 122–140 (2003).

  24. Kirchner P., Fouque P.-A.: Revisiting lattice attacks on overstretched NTRU parameters. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 3–26 (2017).

  25. Langlois A., Stehlé D., Steinfeld R.: GGHLite: more efficient multilinear maps from ideal lattices. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 239–256 (2014).

  26. Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982).

  27. López-Alt A., Tromer E., Vaikuntanathan V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of the forty-fourth annual ACM symposium on Theory of computing, pp. 1219–1234 (2012).

  28. Nitaj A.: Cryptanalysis of NTRU with two public keys. Int. J. Netw. Secur. 16(2), 112–117 (2014).

  29. Peikert C.: Multiple NTRU public keys for the same private key? https://crypto.stackexchange.com/questions/30893/multiple-ntru-public-keys-for-the-same-private-key (2015).

  30. Pellet-Mary A., Stehlé D.: On the hardness of the NTRU problem. In: International Conference on the Theory and Application of Cryptology and Information Security. Springer, New York, pp. 3–35 (2021).

  31. Singh S., Padhye S.: Cryptanalysis of NTRU with n public keys. In: 2017 ISEA Asia Security and Privacy (ISEASP). IEEE, pp. 1–6 (2017).

  32. Stehlé D., Steinfeld R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, New York, pp. 27–47 (2011).

  33. Yu Y., Xu G., Wang X.: Provably secure NTRU instances over prime cyclotomic rings. In: IACR International Workshop on Public Key Cryptography. Springer, New York, pp. 409–434 (2017).

Acknowledgements

We sincerely thank the reviewers of Designs, Codes and Cryptography for their insightful reviews and efforts to improve the earlier version of this paper.

Funding

Supported by research funds for newly appointed professors of Jeonbuk National University in 2022. Supported by a KIAS Individual Grant CG080601 at Korea Institute for Advanced Study.

Author information

Corresponding author

Correspondence to Changmin Lee.

Additional information

Communicated by D. Stehle.

About this article

Cite this article

Kim, J., Lee, C. A polynomial time algorithm for breaking NTRU encryption with multiple keys. Des. Codes Cryptogr. 91, 2779–2789 (2023). https://doi.org/10.1007/s10623-023-01233-5
