Cryptology ePrint Archive: Report 2019/083

Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS'15

Zhen Liu and Yanbin Pan and Zhenfei Zhang

Abstract: In ASIACCS 2015, Nuñez, Agudo, and Lopez proposed a proxy re-encryption scheme, NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator's public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee's private key. In addition to its potential resistance to quantum algorithm, the scheme was also considered to be efficient. However, in this paper we point out that the re-encryption process will increase the decryption error, and the increased decryption error will lead to a reaction attack that enables the proxy to recover the private key of the delegator and the delegatee. Moreover, we also propose a second attack which enables the delegatee to recover the private key of the delegator when he collects enough re-encrypted ciphertexts from a same message. We reevaluate the security of NTRUReEncrypt, and also give suggestions and discussions on potential mitigation methods.

Category / Keywords: public-key cryptography / NTRUReEncrypt, NTRU, Decryption Failure, Reaction Attack, Key Recovery

Original Publication (with minor differences): PQCrypto 2019

Date: received 24 Jan 2019, last revised 24 Feb 2019

Contact author: Zhenfei zhang at hotmail com

Available format(s): PDF | BibTeX Citation

Version: 20190224:194430 (All versions of this report)

Short URL: ia.cr/2019/083