
On the Semantic Security of NTRU -- with a gentle introduction to cryptography

Liam Peet-Pare

TL;DR

The paper explains NTRU, a fast lattice-based public-key encryption scheme, within a gentle introduction to cryptography and security notions. It reviews CPA/CCA security and the random oracle model, and shows that the original NTRU construction is not IND-CPA secure because evaluating the ciphertext at $x=1$ reveals the plaintext component via $e(1)\equiv m_b(1)\pmod{q}$. Padding schemes proposed by Nguyen and Pointcheval aim to achieve IND-CCA2 security in the random oracle model, though some paddings fail even IND-CPA; ROM-based proofs and proposed schemes are contrasted with standard-model results that are currently inefficient. The work highlights the tension between practical efficiency and provable security in post-quantum cryptography and points to ongoing research toward provably secure, efficient NTRU variants, including developments by Steinfeld for standard-model security.

Abstract

This paper provides an explanation of NTRU, a post-quantum encryption scheme, while also providing a gentle introduction to cryptography. NTRU is a very efficient lattice-based cryptosystem that appears to be safe against attacks by quantum computers. NTRU's efficiency suggests that it is a strong candidate as an alternative to RSA, ElGamal, and ECC for the post-quantum world. The paper begins with an introduction to cryptography and security proofs for cryptographic schemes before explaining the NTRU cryptosystem and culminating with a proof that the original presentation of NTRU is not IND-CPA secure. We will conclude by mentioning padding schemes for NTRU that are provably IND-CCA2 secure in the random oracle model. The paper is designed to be accessible to anyone with minimal background in abstract algebra and number theory; no previous knowledge of cryptography is assumed. Given the author's lack of familiarity with the subject, this paper aims to be an expository work rather than to provide new insights to the subject matter.

Paper Structure

This paper contains 14 sections, 2 theorems, 33 equations.

Key Result

Theorem 3.1

The product of two polynomials $\textbf{a}(x),\textbf{b}(x) \in R$ is given by

Theorems & Definitions (12)

  • Definition 1.1
  • Definition 1.2
  • Definition 1.3
  • Definition 2.1
  • Definition 2.2
  • Definition 2.3
  • Definition 3.1
  • Theorem 3.1
  • Theorem 3.2
  • Definition 3.2
  • ...and 2 more