Please use this identifier to cite or link to this item: http://hdl.handle.net/1959.14/175059
101 Visitors113 Hits0 Downloads
NTRUCCA : how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model
International Conference on Practice and Theory in Public Key Cryptography (15th : 2012) (21 - 23 May 2012 : Darmstadt, Germany)
Fischlin, Marc; Buchmann, Johannes and Manulis, Mark. Public key cryptography : PKC 2012 : 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, May 21-23 2012 : proceedings, p.353-371
NTRUEncrypt is a fast and practical lattice-based public-key encryption scheme, which has been standardized by IEEE, but until recently, its security analysis relied only on heuristic arguments. Recently, Stehlé and Steinfeld showed that a slight variant (that we call pNE) could be proven to be secure under chosen-plaintext attack (IND-CPA), assuming the hardness of worst-case problems in ideal lattices. We present a variant of pNE called NTRUCCA, that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext and key length over the pNE scheme. To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. As an intermediate step, we present a construction for an All-But-One (ABO) lossy trapdoor function from pNE, which may be of independent interest. Our scheme uses the lossy trapdoor function framework of Peikert and Waters, which we generalize to the case of (k - 1)-of-k-correlated input distributions.