Proceedings of the 8th National Conference on Fundamental and Applied Information Technology Research (FAIR); Hanoi, 9-10 July 2015
DOI: 10.15625/vap.2015.000201

RISKE, A NOVEL CPA-SECURE SECRET-KEY ENCRYPTION SCHEME BASED-ON INVERTIBLE ELEMENTS IN BINARY QUOTIENT POLYNOMIAL RINGS

Cao Minh Thắng 1, Nguyễn Bình 1
1 Posts and Telecommunications Institute of Technology
thangcm@ptit.edu.vn; nguyenbinh@ptit.edu.vn

ABSTRACT - Invertible elements in quotient polynomial rings have been exploited to construct some interesting public-key cryptosystems such as NTRU and pNE. In this paper, we first introduce a special class of binary quotient polynomial rings in which the set of invertible elements is very large. By exploiting that set, we propose a novel secret-key encryption scheme which not only operates efficiently but is also secure under the chosen plain-text attack (CPA-secure).

Keywords - CPA-secure, secret-key, cryptosystem, invertible elements, binary quotient polynomial rings.

I. INTRODUCTION

The applications of invertible elements in polynomial rings $R_{n,q} = \mathbb{Z}_q[x]/(x^n - 1)$ in cryptography are typically found in the construction of the well-known probabilistic public-key cryptosystem NTRU [4] and of some variants such as CTRU [6] and especially pNE [5], which operates in $R_{2^s,q} \mid s \in \mathbb{Z}^+$ and is so far the unique provably-secure variant of NTRU.

The advantage of using invertible elements in encryption schemes is the computation speed. The modular multiplication in polynomial rings $R_{n,q}$ takes $O(n^2)$ operations. By exploiting this feature, along with security related to some hard problems over lattices, NTRU is faster than, and generally considered a reasonable alternative to, the encryption schemes based on integer factorization and on discrete logarithms over finite fields and elliptic curves, and it was standardized in the IEEE P.1363.1 standard in 2008.
Binary quotient polynomial rings $R_{n,2} = \mathbb{Z}_2[x]/(x^n + 1)$, a class of $R_{n,q}$, although popularly used in error-correcting codes, have not been widely applied in cryptography except for a special class of $R_{n,2}$ where $n = 2^N \mid N \in \mathbb{Z}^+$. In 2002, the cyclic multiplicative groups in $R_{2^N,2}$ were exploited to propose a secret-key cryptosystem in [7], which was then developed into a new variant of DES in [8].

In Section III we show that there is a large set of invertible elements in $R_{n,2} = \mathbb{Z}_2[x]/(x^n + 1)$ where $n = 2^N \mid N \in \mathbb{Z}^+$ (Theorem 1) and propose an efficient algorithm for computing inverses in those rings. By exploiting that set, in Section IV we construct a novel probabilistic secret-key encryption scheme, named RISKE, which is fast and proved secure under chosen plain-text attacks (CPA-secure) (Theorem 3). Conclusions and proposals for further research are given in Section V.

II. PRELIMINARIES

In this section, we first recall some notions about provably secure encryption schemes. The binary quotient polynomial rings are then introduced as necessary background for the following parts.

A. EAV-secure and CPA-secure encryption schemes

Definition 1: An encryption scheme, denoted by $\Pi(G, E, D, K, P, C)$, is constructed from three algorithms $G$ (key generation), $E$ (encryption) and $D$ (decryption), along with three spaces $P$ (plain-text space), $C$ (cipher-text space) and $K$ (key space).

Definition 2 (definition 3.4 [1]): With variable $n \in \mathbb{Z}^+$, a function $f(n)$ is called negligible if for every polynomial $p(n)$ there exists an integer $N_0$ such that for all $n > N_0$ it holds that $f(n) < \frac{1}{p(n)}$.

Proposition 1: $2^{-n}$, $2^{-\sqrt{n}}$ and $n^{-\log n}$ are all negligible.

Lemma 1: The function $f(n) = \frac{1}{2^n - 1}$ is negligible.
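As an added illustration of the introduction's claim about invertible elements in $R_{n,2}$ with $n = 2^N$ (this is not code from the paper and not the inversion algorithm of its Section III): over $\mathbb{Z}_2$ we have $x^n + 1 = (x+1)^n$ and $f^n = f(x^n) = f(1)$, so an element is invertible exactly when its Hamming weight is odd, and then $f^{-1} = f^{n-1}$. The function names and the integer-bitmask encoding of polynomials are assumptions of this example.

```python
def mulmod(a, b, n):
    """a*b in Z_2[x]/(x^n + 1); bit i of an int is the coefficient of x^i."""
    mask, r = (1 << n) - 1, 0
    while b:
        if b & 1:
            r ^= a                  # addition in Z_2[x] is XOR
        b >>= 1
        a <<= 1                     # multiply a by x
        if a >> n:                  # x^n = 1 in this ring: wrap the top term to x^0
            a = (a & mask) ^ 1
    return r

def power(a, e, n):
    """Square-and-multiply exponentiation in the ring."""
    r = 1
    while e:
        if e & 1:
            r = mulmod(r, a, n)
        a = mulmod(a, a, n)
        e >>= 1
    return r

def inverse(a, n):
    """Inverse of a when n = 2^N, or None when a is not a unit."""
    if n < 1 or n & (n - 1):
        raise ValueError("n must be a power of two")
    if not 0 <= a < (1 << n):
        raise ValueError("a must be a reduced element (degree < n)")
    if bin(a).count("1") % 2 == 0:  # even weight: a(1) = 0, so (x + 1) divides a
        return None
    return power(a, n - 1, n)       # a^n = a(x^n) = a(1) = 1, hence a^-1 = a^(n-1)

def count_units_bruteforce(n):
    """Count elements that have an inverse, by exhaustive search (small n only)."""
    size = 1 << n
    return sum(any(mulmod(a, b, n) == 1 for b in range(size)) for a in range(size))

if __name__ == "__main__":
    n = 8
    f = 0b00000111                  # constructed sample element: 1 + x + x^2
    g = inverse(f, n)
    print(f"f = {f:08b}, f^-1 = {g:08b}, f*f^-1 = {mulmod(f, g, n)}")
    print(f"units in R_{{8,2}}: {count_units_bruteforce(n)} of {1 << n}")
```

The exhaustive count confirms that exactly half of the $2^n$ ring elements are units, independently of the odd-weight shortcut used in `inverse`.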