ETRU: NTRU over the Eisenstein integers
Designs, Codes and Cryptography
NTRU is a public-key cryptosystem based on polynomial rings over Z. Replacing Z with the ring of Eisenstein integers yields ETRU. We prove through both theory and implementation that ETRU is faster and has smaller keys for the same or better level of security than does NTRU. Keywords Public-key cryptography · lattice-based cryptography · NTRU · Eisenstein integers Mathematics Subject Classification (2000) 11T71 · 13G Introduction The NTRU public key cryptosystem was proposed by J. Hoffstein, J.
... Pipher and J. H. Silverman in 1996. It has since been standardized ,  and has been implemented both for commercial applications  and open-source models  . In comparison with RSA and ECC, NTRU is faster and has significantly smaller keys. Moreover, because its security is conjectured to rely on the hardness of certain lattice problems, which are not known to be susceptible to quantum attack, NTRU is viewed as a quantum-resistant cryptosystem. One weakness of NTRU is the possibility of decryption failure; however, parameters may be chosen to minimize or eliminate this error. NTRU's security has been and continues to be scrutinized by the cryptographic community, as a consequence of which the original design underwent several improvements over its first decade. NTRU keys are truncated polynomials with integer coefficients. An important direction for research about NTRU is the development and analysis of variants in which the integers are replaced by elements of another ring, such as the Gaussian integers , integer matrices  or quaternion algebras  . The current paper was motivated by  , in which the integers were replaced with the ring of Eisenstein integers, with helpful comments, including pointers to recent literature on the use of the FFT in NTRU-like rings. The second author would also like to acknowledge the warm hospitality , where this work was completed. The NTRU Cryptosystem The NTRU public key cryptosystem as described in  depends on three integer parameters N , p and q, such that N > 1, p and q are relatively prime and q is much larger than p. Commonly p is chosen to be 3, N is chosen to be prime (to reduce the number of factors of X N − 1) and q is power of 2. Let