In ASIACCS 2015, Nu nez, et al. proposed a proxy re-encryption scheme, named NTRURe Encrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator’s public key into a re-encrypted ciphertext...In ASIACCS 2015, Nu nez, et al. proposed a proxy re-encryption scheme, named NTRURe Encrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator’s public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee’s private key. Because of the potential resistance to quantum algorithm, high efficiency and various applications in real life,NTRURe Encrypt has drawn lots of attention and its security has been widely discussed and analyzed.In PQCrypto2019, Liu, et al. proposed two key recovery attacks against it. However, their first attack heavily relies on a weaken decryption oracle, and the second attack needs to collect about 260ciphertexts from the same message by theoretical analysis, which makes both of the attacks unrealistic. In this paper, inspired by the broadcast attack against NTRU, the authors find out that for NTRURe Encrypt the delegator and the delegatee can efficiently recover each other’s private key in polynomial time without any unrealistic assumptions. In addition, the authors also show how to fix NTRURe Encrypt to resist the proposed attacks. As a by-product, the authors also show how to commit broadcast attacks against NTRU 2001 with even dg, which was thought infeasible before.展开更多
基金supported by National Key Research and Development Program of China under Grant No.2018YFA0704705the National Natural Science Foundation of China under Grant Nos. 62032009, 12201193+3 种基金12226006the Innovation Program for Quantum Science and Technology under Grant No. 2021ZD0302902the Innovation Group Project of the Natural Science Foundation of Hubei Province of China under Grant No.2023AFA021the Science and Technology Research Program of Education Department of Hubei Province under Grant No. Q20221008。
文摘In ASIACCS 2015, Nu nez, et al. proposed a proxy re-encryption scheme, named NTRURe Encrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator’s public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee’s private key. Because of the potential resistance to quantum algorithm, high efficiency and various applications in real life,NTRURe Encrypt has drawn lots of attention and its security has been widely discussed and analyzed.In PQCrypto2019, Liu, et al. proposed two key recovery attacks against it. However, their first attack heavily relies on a weaken decryption oracle, and the second attack needs to collect about 260ciphertexts from the same message by theoretical analysis, which makes both of the attacks unrealistic. In this paper, inspired by the broadcast attack against NTRU, the authors find out that for NTRURe Encrypt the delegator and the delegatee can efficiently recover each other’s private key in polynomial time without any unrealistic assumptions. In addition, the authors also show how to fix NTRURe Encrypt to resist the proposed attacks. As a by-product, the authors also show how to commit broadcast attacks against NTRU 2001 with even dg, which was thought infeasible before.
