University of Isfahan & Iranian Society of CryptologyJournal of Computing and Security2322-44605120181201A Provably Secure Variant of ETRU Based on Extended Ideal Lattices Over Direct Product of Dedekind Domains13342317210.22108/jcs.2018.106856.0ENRezaEbrahimi AtaniDepartment of Computer Engineering, University of Guilan, P. O. Box 3756, Rasht, Iran.0000-0001-9180-8707ShahabaddinEbrahimi AtaniDepartment of Mathematics, University of Guilan, P. O. Box 1914, Rasht, Iran.AmirHassani KarbasiDepartment of Mathematics, University of Guilan, P. O. Box 1914, Rasht, Iran.Journal Article20161102Jarvis and Nevins presented ETRU in 2013 which has applausive performance with moderate key-sizes and conjectured resistance to quantum computers. ETRU, as an efficient NTRUEncrypt-like cryptosystem, is over the ring of Eisenstein integers that is faster with smaller keys for the same or better level of security than does NTRUEncrypt which is a desirable alternative to public-key cryptosystems based on factorisation and discrete logarithm problem. However, because of its construction, doubts have regularly arisen on its security. In this paper, we propose how to modify ETRU to make it provably secure, under our modified assumption of quantum hardness of standard worst-case lattice problems, restricted to extended ideal lattices related to some extensions of cyclotomic fields structures. We describe the structure of all generated polynomial rings of quotient over direct product of Dedekind domains Z and Z[ζ3], where ζ3 is complex cube root of unity. We give a detailed description to show that if the private key polynomials of the ETRU are selected from direct product of some Dedekind domains using discrete Gaussians, then the public key, which is their ratio, is statistically indistinguishable from uniform over its range. The security then proves for our main system from the already proven hardness of the R-SIS and R-LWE problems by their extensions.http://jcomsec.ui.ac.ir/article_23172_72dc58a05ff98b8579781b5cbd9ccce7.pdf