On Unpadded NTRU Quantum (In)Security

Théodore Conrad-Frenkiel and Rémi Géraud-Stewart and David Naccache

Abstract: This paper uses the techniques of Regev \cite{DBLP:journals/jacm/Regev09} and of Lyubashevsky, Peikert \& Regev in the security reduction of LWE and its algebraic variants \cite{DBLP:conf/eurocrypt/LyubashevskyPR13} to exhibit a quantum reduction from the decryption of NTRU to leaking information about the secret key. Since this reduction requires decryption with the same key one wishes to attack, it renders NTRU vulnerable to the same type of attacks that affect the Rabin--Williams scheme \cite{DBLP:conf/eurocrypt/Bernstein08}, albeit requiring a quantum decryption query.

A common practice to thwart such attacks is to apply the Fujisaki--Okamoto (FO, \cite{DBLP:conf/pkc/FujisakiO99}) transformation before encrypting. However, not all NTRU protocols enforce this protection. In particular, the DPKE version of NTRU \cite{DBLP:conf/eurocrypt/SaitoXY18} is susceptible to such an attack.

Category / Keywords: public-key cryptography / NTRU, cryptanalysis, post-quantum cryptography

Date: received 22 Oct 2021

