A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Accuracy and Stability of Numerical Algorithms
Accuracy and Stability of Numerical Algorithms
NSS: An NTRU Lattice-Based Signature Scheme
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Modern Computer Algebra
Worst-Case to Average-Case Reductions Based on Gaussian Measures
SIAM Journal on Computing
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions
Computational Complexity
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Limits on the Hardness of Lattice Problems in lp Norms
Computational Complexity
SWIFFT: A Modest Proposal for FFT Hashing
Fast Software Encryption
Quantum resistant public key cryptography: a survey
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract
Proceedings of the forty-first annual ACM symposium on Theory of computing
On lattices, learning with errors, random linear codes, and cryptography
Journal of the ACM (JACM)
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Efficient Public Key Encryption Based on Ideal Lattices
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The LLL Algorithm: Survey and Applications
The LLL Algorithm: Survey and Applications
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Proceedings of the forty-second ACM symposium on Theory of computing
A fully homomorphic encryption scheme
A fully homomorphic encryption scheme
The Learning with Errors Problem (Invited Survey)
CCC '10 Proceedings of the 2010 IEEE 25th Annual Conference on Computational Complexity
Toward basing fully homomorphic encryption on worst-case hardness
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Generalized compact knapsacks are collision resistant
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
On ideal lattices and learning with errors over rings
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Bonsai trees, or how to delegate a lattice basis
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient lattice (H)IBE in the standard model
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices
TCC'06 Proceedings of the Third conference on Theory of Cryptography
A new lattice-based public-key cryptosystem mixed with a knapsack
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
Tightly-Secure signatures from lossy identification schemes
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Lattice signatures without trapdoors
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Towards efficient arithmetic for lattice-based cryptography on reconfigurable hardware
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
On the design of hardware building blocks for modern lattice-based encryption schemes
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Anonymous lattice-based broadcast encryption
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
On Ideal Lattices and Learning with Errors over Rings
Journal of the ACM (JACM)
| Hi-index | 0.00 |
NTRUEncrypt, proposed in 1996 by Hoffstein, Pipher and Silverman, is the fastest known lattice-based encryption scheme. Its moderate key-sizes, excellent asymptotic performance and conjectured resistance to quantum computers could make it a desirable alternative to factorisation and discrete-log based encryption schemes. However, since its introduction, doubts have regularly arisen on its security. In the present work, we show how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields. Our main contribution is to show that if the secret key polynomials are selected by rejection from discrete Gaussians, then the public key, which is their ratio, is statistically indistinguishable from uniform over its domain. The security then follows from the already proven hardness of the R-LWE problem.