### On NTRU-ν-um Modulo $X^N − 1$

##### Abstract

NTRU-ν-um is a fully homomorphic encryption schemes making use of NTRU as a building block. NTRU-ν-um comes in two versions: a first instantiation working with polynomials modulo XN − 1 with N a prime [cyclic version] and a second instantiation working with polynomials modulo XN + 1 with N a power of two [negacyclic version]. This report shows that the cyclic version of NTRU-ν-um is not secure. Specifically, it does not provide indistinguishability of encryptions. More critically, the scheme leaks the underlying private LWE keys. Source code for mounting the attacks is provided. The attacks were practically validated on the given parameter sets.

Available format(s)
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
NTRU-ν-um Fully homomorphic encryption Key recovery attack
Contact author(s)
marc @ zama ai
History
2022-08-29: approved
See all versions
Short URL
https://ia.cr/2022/1092

CC BY

BibTeX

@misc{cryptoeprint:2022/1092,
author = {Marc Joye},
title = {On NTRU-ν-um Modulo $X^N − 1$},
howpublished = {Cryptology ePrint Archive, Paper 2022/1092},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1092}},
url = {https://eprint.iacr.org/2022/1092}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.