[Resource Topic] 2024/1282: $\mathsf{NTRU}\mathsf{+}\mathsf{PKE}$: Efficient Public-Key Encryption Schemes from the NTRU Problem

Welcome to the resource topic for 2024/1282

Title:
$\mathsf{NTRU}\mathsf{+}\mathsf{PKE}$: Efficient Public-Key Encryption Schemes from the NTRU Problem

Authors: Jonghyun Kim, Jong Hwan Park

Abstract:

We propose a new NTRU-based Public-Key Encryption (PKE) scheme called $\mathsf{NTRU+}\mathsf{PKE}$, which effectively incorporates the Fujisaki-Okamoto transformation for PKE (denoted as $\mathsf{FO}_{\mathsf{PKE}}$) to achieve chosen-ciphertext security in the Quantum Random Oracle Model (QROM). While $\mathsf{NTRUEncrypt}$, a first-round candidate in the NIST PQC standardization process, was proven to be chosen-ciphertext secure in the Random Oracle Model (ROM), it lacked corresponding security proofs for QROM. Our work extends the capabilities of the recent $\mathsf{ACWC}_{2}$ transformation, proposed by Kim and Park in 2023, by demonstrating that an $\mathsf{ACWC}_{2}$-transformed scheme can serve as a sufficient foundation for applying $\mathsf{FO}_\mathsf{PKE}$. Specifically, we show that the $\mathsf{ACWC}_{2}$-transformed scheme achieves (weak) $\gamma$-spreadness, an essential property for constructing an IND-CCA secure PKE scheme. Moreover, we provide the first proof of the security of $\mathsf{FO}_\mathsf{PKE}$ in the QROM. Finally, we show that $\mathsf{FO}_\mathsf{PKE}$ can be further optimized into a more efficient transformation, $\overline{\mathsf{FO}}_\mathsf{PKE}$, which eliminates the need for re-encryption during decryption. By instantiating an $\mathsf{ACWC}_{2}$-transformed scheme with appropriate parameterizations, we construct $\mathsf{NTRU+}\mathsf{PKE}$, which supports 256-bit message encryption. Our implementation results demonstrate that at approximately a classical 180-bit security level, $\mathsf{NTRU+}\mathsf{PKE}$ is about 1.8 times faster than $\textsc{Kyber}$ + AES-256-GCM in AVX2 mode.

ePrint: https://eprint.iacr.org/2024/1282

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.