International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.8, No.4, Apr. 2016

Formal Verification of NTRUEncrypt Scheme

Full Text (PDF, 631KB), PP.44-55

Views:87   Downloads:5


Gholam Reza Moghissi, Ali Payandeh

Index Terms

Public key encryption;Lattice;NTRUEncrypt;Formal proof system;Higher order logic;Formal verification;Isabelle/HOL;Theorem proving;Proof assistant


In this paper we explore a mechanized verification of the NTRUEncrypt scheme, with the formal proof system Isabelle/HOL. More precisely, the functional correctness of this algorithm, in its reduced form, is formally verified with computer support. We show that this scheme is correct what is a necessary condition for the usefulness of any cryptographic encryption scheme. Besides, we present a convenient and application specific formalization of the NTRUEncrypt scheme in the Isabelle/HOL system that can be used in further study around the functional and security analysis of NTRUEncrypt family.

Cite This Paper

Gholam Reza Moghissi, Ali Payandeh,"Formal Verification of NTRUEncrypt Scheme", International Journal of Computer Network and Information Security(IJCNIS), Vol.8, No.4, pp.44-55, 2016.DOI: 10.5815/ijcnis.2016.04.06


[1]Hoffstein, J., Pipher, J., Silverman, J.H., "NTRU: A ring-based public key cryptosystem", Lecture Notes in Computer Science, 1998.

[2]Bernstein, D.J., "Post-Quantum Cryptography", Department of Computer Science, University of Illinois at Chicago, 2008.

[3]Silverman, J.H., Whyte, W., "Estimating decryption failure probabilities for NTRUEncrypt", Technical report, NTRU Cryptosystems, Report #018, version 1, available at, 2003.

[4]Kaiser, M., Buchmann, J., "Formal Analysis of a Public-Key Algorithm", International Journal of Computer Science 2.2, 2007.

[5]Kusch, S., Buchmann, J., "Formalizing the DSA Signature Scheme in Isabelle/ HOL", Diplomarbeit, Technische Universit¨at Darmstadt, 2007.

[6]Kusch, S., Kaiser, M., "A Computer Proven Application of the Discrete Logarithm Problem", International Journal of Computer Science 2.2, 2007.

[7]Nipkow, T., Paulson, L.C., Wenzel, M., "Isabelle/HOL—a proof assistant for higher-order logic", Lecture Notes in Computer Science, vol. 2283. Springer, 2002. doi:10.1007/3-540-45949-9.

[8]Nipkow, T., Klein, G., "Concrete Semantics-A Proof Assistant Approach", Springer, 2014.

[9]Nipkow, T., "Programming and Proving in Isabelle/HOL",, 2012.

[10]Wenzel, M., "The Isabelle/Isar Reference Manual", TU MÄunchen, MÄunchen, 1999,

[11]Holzl, J., "Proving Real-Valued Inequalities by Computation in Isabelle/HOL", Diploma thesis, Institut f¨ur Informatik, Technische Universit¨at M¨unchen, 2009.

[12]"IEEE P1363.1. Public-key cryptographic techniques based on hard problems over lattices",, Accessed May 31, 2014.

[13]Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W., "Hybrid lattice reduction and meet in the middle resistant parameter selection for ntruencrypt", NTRU Cryptosystems, Inc., Acton, MA, Tech. Rep., 2007.

[14]Ballarin, C., "Tutorial to locales and locale interpretation", In L. Lambán, A. Romero, and J. Rubio, editors, Contribuciones Científicas en honor de Mirian Andrés Gómez. Servicio de Publicaciones de la Universidad de La Rioja, Logroño, Spain, 2010.

[15]Mallagaray, J.D., "Proofs of properties of finite-dimensional vector spaces using Isabelle/HOL", Universidad de La Rioja, 2011/2012,

[16]Security Innovation, Accessed August 9, 2013.

[17]Nipkow, T., "What's in Main", Isabelle TUM, 2013,

[18]Krauss, A., "Defining Recursive Functions in Isabelle/HOL", Isabelle TUM, 2008,

[19]Sternagel, C., Thiemann, R., "Executable matrix operations on matrices of arbitrary dimensions", Archive of Formal Proofs, 2010.

[20]Lindenberg, C., Wirt, K., Buchmann, J., "Formal proof for the correctness of RSA-PSS", IACR Cryptology ePrint Archive 2006, 11. 

[21]Silverman, J.H., "An Introduction to the Theory of Lattices and Applications to Cryptography", Computational Number Theory and Applications to Cryptography, University of Wyoming, 2006.

[22]Isabelle-TUM, Accessed December 05, 2013.

[23]Appel, A.W., "Verification of a Cryptographic Primitive: SHA-256", ACM Transactions on Programming Languages and Systems (TOPLAS), Princeton University, 2015.