A MULTIPLE BIRTHDAY ATTACK ON NTRU
Raphael Overbeck
2008
Abstract
In this paper we view the possibilities to lance a multiple (iterative) birthday attack on NTRU. Recently Wagner’s algorithm for the generalized birthday problem (Wagner, 2002) allowed to speed-up several combinatorial attacks. However, in the case of NTRU we can not hope to to apply Wagner’s algorithm directly, as the search space does not behave nicely. In this paper we show that we can nevertheless draw profit from a multiple birthday approach. Our approach allows us to attack ees251ep6 parameter set on a computer with only 252 Bits of memory and about 29 times faster as with Odlyzko’s combinatorial attack – this is an improvement factor about 243 in space complexity. We thus contradict the common believe, that in comparison to computational requirements, the “storage requirement is by far the larger obstacle” (Howgrave-Graham, 2007) to attack NTRU by combinatorial attacks. Further, our attack is about 27 times faster than the space-reduced variant from (Howgrave-Graham, 2007) employing the same amount of memory.
References
- Coppersmith, D. and Shamir, A. (1997). Lattice attacks on NTRU. Proc. of Eurocrypt 7897, LNCS. SpringerVerlag.
- Hoffstein, J., Pipher, J., and Silverman, J. (1998). NTRU: a ring based public key cryptosystem. Proc. of ANTS III, 1423 of LNCS:267-288, Springer-Verlag.
- Howgrave-Graham, N. (2007). A hybrid lattice-reduction and meet-in-the-middle attack against ntru. In Proc. of CRYPT'07, volume 4622 of Lecture Notes in Computer Science, pages 150-169. Springer.
- Howgrave-Graham, N., Nguyen, P., Pointcheval, D., Proos, J., Silverman, J., Singer, A., and Whyte, W. (2003). The impact of decryption failures on the security of NTRU encryption. To appear in Proc. of CRYPTO 7803, LNCS, 2729:226-246. Springer-Verlag.
- May, A. and Silverman, J. (2001). Dimension reduction methods for convolution modular lattices. Proc. of CaLC 2001, LNCS, 2146:111-127. Springer-Verlag.
- Micciancio, D. and Goldwasser, S. (2002). Complexity of Lattice Problems: a cryptographic perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, Massachusetts.
- P1363.1/D9, I. (2003). Draft standard for public-key cryptographic techniques based on hard problems over lattices. W. Whyte (editor).
- Silverman, J. (1999). Dimension reduced lattices, zeroforced lattices, and the NTRU public key cryptosystem. NTRU Technical Report, 013. available at www.ntru.com.
- Wagner, D. (2002). A generalized birthday problem. In Yung, M., editor, CRYPTO, volume 2442 of Lecture Notes in Computer Science, pages 288-303. Springer.
Paper Citation
in Harvard Style
Overbeck R. (2008). A MULTIPLE BIRTHDAY ATTACK ON NTRU . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 237-244. DOI: 10.5220/0001916602370244
in Bibtex Style
@conference{secrypt08,
author={Raphael Overbeck},
title={A MULTIPLE BIRTHDAY ATTACK ON NTRU},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={237-244},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001916602370244},
isbn={978-989-8111-59-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - A MULTIPLE BIRTHDAY ATTACK ON NTRU
SN - 978-989-8111-59-3
AU - Overbeck R.
PY - 2008
SP - 237
EP - 244
DO - 10.5220/0001916602370244