Paper 2019/083

Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS'15

Zhen Liu, Yanbin Pan, and Zhenfei Zhang


In ASIACCS 2015, Nuñez, Agudo, and Lopez proposed a proxy re-encryption scheme, NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator's public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee's private key. In addition to its potential resistance to quantum algorithm, the scheme was also considered to be efficient. However, in this paper we point out that the re-encryption process will increase the decryption error, and the increased decryption error will lead to a reaction attack that enables the proxy to recover the private key of the delegator and the delegatee. Moreover, we also propose a second attack which enables the delegatee to recover the private key of the delegator when he collects enough re-encrypted ciphertexts from a same message. We reevaluate the security of NTRUReEncrypt, and also give suggestions and discussions on potential mitigation methods.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. PQCrypto 2019
NTRUReEncryptNTRUDecryption FailureReaction AttackKey Recovery
Contact author(s)
Zhenfei zhang @ hotmail com
2019-02-24: revised
2019-01-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Zhen Liu and Yanbin Pan and Zhenfei Zhang},
      title = {Cryptanalysis of an {NTRU}-based Proxy Encryption Scheme from {ASIACCS}'15},
      howpublished = {Cryptology ePrint Archive, Paper 2019/083},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.