Paper 2022/1092

On NTRU-ν-um Modulo $X^N − 1$

Marc Joye, Zama
Abstract

NTRU-ν-um is a fully homomorphic encryption scheme making use of NTRU as a building block. NTRU-ν-um comes originally in two versions: a first instantiation working with polynomials modulo $X^N - 1$ with $N$ a prime [cyclic version] and a second instantiation working with polynomials modulo $X^N + 1$ with $N$ a power of two [negacyclic version]. The cyclic version is now deprecated. This work shows that the cyclic version of NTRU-ν-um is not secure. Specifically, it does not provide indistinguishability of encryptions. More critically, the scheme leaks the underlying private LWE keys. Source code for mounting the attacks is provided. The attacks were practically validated on the given parameter sets.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. 2nd Annual FHE.org Conference (FHE.org 2023), Contributed talk, Tokyo, Japan, March 26, 2023
Keywords
NTRU-ν-um, Fully homomorphic encryption, Key recovery attack
Contact author(s)
marc @ zama ai
History
2023-04-08: revised
2022-08-23: received
Short URL
https://ia.cr/2022/1092
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1092,
      author = {Marc Joye},
      title = {On NTRU-ν-um Modulo $X^N − 1$},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1092},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1092}},
      url = {https://eprint.iacr.org/2022/1092}
}