Making NTRU as Secure as Worst-Case Problems over Ideal
Lattices
Damien Stehlé and Ron Steinfeld
Abstract: NTRUEncrypt, proposed in 1996 by Hoffstein, Pipher and
Silverman, is the fastest known lattice-based encryption scheme. Its
moderate key-sizes, excellent asymptotic performance and conjectured
resistance to quantum computers could make it a desirable
alternative to factorisation and discrete-log based encryption
schemes. However, since its introduction, doubts have regularly
arisen on its security.
In the present work, we show how to modify NTRUEncrypt to make
it provably secure in the standard model, under the assumed quantum
hardness of standard worst-case lattice problems, restricted to a
family of lattices related to some cyclotomic fields. Our main
contribution is to show that if the secret key polynomials are
selected by rejection from discrete Gaussians, then the public key,
which is their ratio, is statistically indistinguishable from
uniform over its domain. The security then follows from the already
proven hardness of the Ring-LWE problem.
Download: pdf.
Homepage