TY - GEN
T1 - Compact Encryption Based on Module-NTRU Problems
AU - Bai, Shi
AU - Jangir, Hansraj
AU - Lin, Hao
AU - Ngo, Tran
AU - Wen, Weiqiang
AU - Zheng, Jinwei
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - The Module-NTRU problem, introduced by Cheon, Kim, Kim, Son (IACR ePrint 2019/1468), and Chuengsatiansup, Prest, Stehlé, Wallet, Xagawa (ASIACCS ’20), generalizes the versatile NTRU assumption. One of its main advantages lies in its ability to offer greater flexibility on parameters, such as the underlying ring dimension. In this work, we present several lattice-based encryption schemes, which are IND-CPA (or OW-CPA) secure in the standard model based on the Module-NTRU and Module-LWE problems. Leveraging the Fujisaki-Okamoto transformations, one can obtain IND-CCA secure key encapsulation schemes. Our first encryption scheme is based on the Module-NTRU assumption, which uses the determinant of the secret matrix over the underlying ring for the decryption. Our second scheme is analogous to the Module-LWE encryption scheme, but uses only a matrix as the public key, based on a vectorial variant of the Module-NTRU problem. In the end, we conduct a comprehensive analysis of known attacks and propose concrete parameters for the instantiations. In particular, our ciphertext size is about 614 (resp. 1228) bytes for NIST Level 1 (resp. Level 5) security and small decryption failure, placing it on par with the most recent schemes such as the one proposed by Zhang, Feng and Yan (ASIACRYPT ’23). We also present several competitive parameters for NIST Level 3, which has a ciphertext size of 921 bytes. Moreover, our schemes do not require specific codes for plaintext encoding and decoding.
KW - Encapsulation
KW - Encryption
KW - Lattice-based cryptography
KW - Module-NTRU problem
U2 - 10.1007/978-3-031-62743-9_13
DO - 10.1007/978-3-031-62743-9_13
M3 - Conference contribution
AN - SCOPUS:85197291501
SN - 9783031627422
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 371
EP - 405
BT - Post-Quantum Cryptography - 15th International Workshop, PQCrypto 2024, Proceedings
A2 - Saarinen, Markku-Juhani
A2 - Smith-Tone, Daniel
PB - Springer Science and Business Media Deutschland GmbH
T2 - 15th International Conference on Post-Quantum Cryptography, PQCrypto 2024
Y2 - 12 June 2024 through 14 June 2024
ER -