Paper 2022/1092
On NTRU-ν-um Modulo $X^N − 1$
Abstract
NTRU-ν-um is a fully homomorphic encryption scheme making use of NTRU as a building block. NTRU-ν-um comes in two versions: a first instantiation working with polynomials modulo $X^N − 1$ with $N$ a prime [cyclic version] and a second instantiation working with polynomials modulo $X^N + 1$ with $N$ a power of two [negacyclic version]. This report shows that the cyclic version of NTRU-ν-um is not secure. Specifically, it does not provide indistinguishability of encryptions. More critically, the scheme leaks the underlying private LWE keys. Source code for mounting the attacks is provided. The attacks were practically validated on the given parameter sets.
Metadata
- Available format(s)
- PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- NTRU-ν-um, Fully homomorphic encryption, Key recovery attack
- Contact author(s)
- marc @ zama ai
- History
- 2022-08-29: approved
- 2022-08-23: received
- Short URL
- https://ia.cr/2022/1092
- License
- CC BY
BibTeX
@misc{cryptoeprint:2022/1092,
  author = {Marc Joye},
  title = {On NTRU-ν-um Modulo $X^N − 1$},
  howpublished = {Cryptology ePrint Archive, Paper 2022/1092},
  year = {2022},
  note = {\url{https://eprint.iacr.org/2022/1092}},
  url = {https://eprint.iacr.org/2022/1092}
}