ABSTRACT
NTRUEncrypt is one of the first lattice-based encryption schemes. Furthermore, the earliest fully homomorphic encryption (FHE) schemes rely on the NTRU problem. Currently, NTRU is one of the leading candidates in the NIST post-quantum standardization competition. What makes NTRU appealing is the age of the cryptosystem and relatively good performance.
Unfortunately, FHE based on NTRU became impractical due to efficient attacks on NTRU instantiations with an "overstretched" modulus. In particular, to support a reasonable circuit depth, current NTRU-based FHE schemes require instantiating NTRU with a very large modulus. Breaking the NTRU problem for such large moduli turns out to be easy. Due to these attacks, any serious work on practical NTRU-based FHE essentially stopped.
In this paper, we reactivate research on practical FHE that can be based on NTRU. We design an efficient bootstrapping scheme in which the noise growth is small enough to keep the modulus-to-dimension ratio relatively small, thus avoiding the negative consequences of "overstretching" the modulus. Our bootstrapping algorithm is an accumulator-type bootstrapping scheme analogous to AP/FHEW/TFHE. Finally, we show that we can use the bootstrapping procedure to compute any function over $\mathbb{Z}_t$. Consequently, we obtain one of the fastest FHE bootstrapping schemes able to compute any function over elements of a finite field alongside reducing the error.