Cryptology ePrint Archive: Report 2019/083
Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS'15
Zhen Liu and Yanbin Pan and Zhenfei Zhang
Abstract: In ASIACCS 2015, Nuñez, Agudo, and Lopez proposed a proxy re-encryption scheme, NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator's public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee's private key. In addition to its potential resistance to quantum algorithm, the scheme was also considered to be efficient. However, in this paper we point out that the re-encryption process will increase the decryption error, and the increased decryption error will lead to a reaction attack that enables the proxy to recover the private key of the delegator and the delegatee. Moreover, we also propose a second attack which enables the delegatee to recover the private key of the delegator when he collects enough re-encrypted ciphertexts from a same message. We reevaluate the security of NTRUReEncrypt, and also give suggestions and discussions on potential mitigation methods.
Category / Keywords: public-key cryptography / NTRUReEncrypt, NTRU, Decryption Failure, Reaction Attack, Key Recovery
Original Publication (with minor differences): PQCrypto 2019
Date: received 24 Jan 2019, last revised 24 Feb 2019
Contact author: Zhenfei zhang at hotmail com
Available format(s): PDF | BibTeX Citation
Version: 20190224:194430 (All versions of this report)
Short URL: ia.cr/2019/083
[ Cryptology ePrint archive ]