Paper 2014/794

Efficient Identity-Based Encryption over NTRU Lattices

Léo Ducas, Vadim Lyubashevsky, and Thomas Prest


Efficient implementations of lattice-based cryptographic schemes have been limited to only the most basic primitives like encryption and digital signatures. The main reason for this limitation is that at the core of many advanced lattice primitives is a trapdoor sampling algorithm(Gentry, Peikert, Vaikuntanathan, STOC 2008) that produced outputs that were too long for practical applications. In this work, we show that using a particular distribution over NTRU lattices can make GPV-based schemes suitable for practice. More concretely, we present the first lattice-based IBE scheme with practical parameters - key and ciphertext sizes are between two and four kilobytes, and all encryption and decryption operations take approximately one millisecond on a moderately-powered laptop. As a by-product, we also obtain digital signature schemes which are shorter than the previously most-compact ones of Ducas, Durmus, Lepoint, and Lyubashevsky from Crypto 2013.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2014
Lattice CryptographyIdentity-Based EncryptionDigital SignaturesNTRU
Contact author(s)
thomas prest @ ens fr
2014-10-10: received
Short URL
Creative Commons Attribution


      author = {Léo Ducas and Vadim Lyubashevsky and Thomas Prest},
      title = {Efficient Identity-Based Encryption over NTRU Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2014/794},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.