Abstract
We provide a brief history and overview of lattice-based cryptography and cryptanalysis: the shortest vector problem, the closest vector problem, the subset sum problem and knapsack cryptosystems, GGH, Ajtai-Dwork and NTRU. A detailed discussion of the algorithms NTRUEncrypt and NTRUSign follows. These algorithms have attractive operating speed and key sizes and are based on lattice problems that are believed to be hard. We discuss the current state of knowledge about the security of both algorithms and identify areas for further research.
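The abstract names NTRUEncrypt without showing its mechanics, so the following is an added, self-contained toy of the scheme in the ring Z[x]/(x^N - 1). It is example code written for this page, not code from the chapter or from NTRU Cryptosystems, and it makes several simplifying assumptions: tiny toy parameters (N = 61, p = 3, q = 127, D = 4) that give no security; a prime q so that the inverse of f can be found by Gaussian elimination over Z/q (deployed NTRU uses q a power of two); the private-key form f = 1 + pF so that f is trivially 1 modulo p; and no message padding such as NAEP. The function names and the `wrap_bound` check are this example's own. Besides the encrypt/decrypt round trip, it shows the two facts a practitioner should take from the chapter's security discussion: decryption only works when no coefficient of p·r·g + f·m wraps modulo q, and the private key (f, g) is an unusually short vector of the 2N-dimensional NTRU lattice L_h, which is why key recovery is a shortest-vector problem.

```python
"""Toy NTRUEncrypt round trip in Z[x]/(x^N - 1).

Parameters are assumptions for illustration only (tiny D, prime q); they are
not a standardised NTRU parameter set and give no real security.
"""
import random

N, P, Q, D = 61, 3, 127, 4   # assumed toy parameters: N prime, gcd(p, q) = 1


def poly_mul(a, b, mod):
    """Convolution product in (Z/mod)[x]/(x^N - 1)."""
    c = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = (i + j) % N
            c[k] = (c[k] + ai * bj) % mod
    return c


def center(a, mod):
    """Lift coefficients to the symmetric representatives around zero."""
    return [((x + mod // 2) % mod) - mod // 2 for x in a]


def poly_inverse(f, mod):
    """Inverse of f in (Z/mod)[x]/(x^N - 1) for prime mod, or None if not invertible.
    Multiplication by f is the circulant matrix M[i][j] = f[(i - j) % N];
    we solve M * g = e_0 by Gaussian elimination over Z/mod."""
    rows = [[f[(i - j) % N] % mod for j in range(N)] + [int(i == 0)] for i in range(N)]
    for col in range(N):
        pivot = next((r for r in range(col, N) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, mod)
        rows[col] = [(x * inv) % mod for x in rows[col]]
        for r in range(N):
            if r != col and rows[r][col]:
                factor = rows[r][col]
                rows[r] = [(x - factor * y) % mod for x, y in zip(rows[r], rows[col])]
    return [rows[i][N] for i in range(N)]


def ternary(rng, d):
    """Random polynomial with d coefficients +1, d coefficients -1, the rest 0."""
    coeffs = [0] * N
    idx = rng.sample(range(N), 2 * d)
    for i in idx[:d]:
        coeffs[i] = 1
    for i in idx[d:]:
        coeffs[i] = -1
    return coeffs


def keygen(rng):
    """Private key f = 1 + p*F (so f is 1 mod p), g ternary; public key h = f^-1 * g mod q."""
    while True:
        F = ternary(rng, D)
        f = [P * c for c in F]
        f[0] += 1
        f_q = poly_inverse(f, Q)
        if f_q is not None:
            break
    g = ternary(rng, D)
    h = poly_mul(f_q, g, Q)
    return h, (f, g)


def encrypt(rng, h, m):
    """e = p*r*h + m mod q for a ternary message m and a fresh random blinding polynomial r."""
    r = ternary(rng, D)
    prh = poly_mul([(P * c) % Q for c in r], h, Q)
    return [(x + y) % Q for x, y in zip(prh, m)]


def decrypt(f, e):
    """Centred f*e mod q equals p*r*g + f*m over the integers if no coefficient wraps;
    reducing that mod p removes p*r*g and p*F*m, leaving m."""
    a = center(poly_mul(f, e, Q), Q)
    return center([x % P for x in a], P)


def wrap_bound():
    """Largest possible |coefficient| of p*r*g + f*m for these parameters.
    r, g and F each have 2*D nonzero entries, so |r*g| and |F*m| are at most 2*D.
    Decryption is guaranteed only when this is below q/2."""
    return P * 2 * D + (1 + P * 2 * D)


def in_ntru_lattice(h, u, v):
    """Membership test for the NTRU lattice L_h = {(u, v) : v = u*h mod q}.
    (f, g) lies in L_h and is far shorter than a generic lattice vector."""
    return poly_mul(u, h, Q) == [x % Q for x in v]


def roundtrip(seed):
    """Seeded key generation, encryption and decryption; returns (h, f, g, m, recovered)."""
    rng = random.Random(seed)
    h, (f, g) = keygen(rng)
    m = [rng.choice((-1, 0, 1)) for _ in range(N)]
    return h, f, g, m, decrypt(f, encrypt(rng, h, m))


if __name__ == "__main__":
    print("wrap bound", wrap_bound(), "< q/2 =", Q / 2)
    h, f, g, m, recovered = roundtrip(2024)
    print("round trip ok:", recovered == m, "| (f, g) in L_h:", in_ntru_lattice(h, f, g))
```

With these parameters `wrap_bound()` is 49 < 63, so every message decrypts; raise D or shrink q and the same code starts producing decryption failures, the failure mode the chapter's security discussion is concerned with, and the dropped-coefficient pattern then leaks information about the private key to an attacker who can observe which ciphertexts fail.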
Keywords
- Signature Scheme
- Lattice Reduction
- Short Vector
- Elliptic Curve Digital Signature Algorithm
- Closest Vector Problem
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Hoffstein, J., Howgrave-Graham, N., Pipher, J., Whyte, W. (2009). Practical Lattice-Based Cryptography: NTRUEncrypt and NTRUSign. In: Nguyen, P., Vallée, B. (eds) The LLL Algorithm. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02295-1_11
DOI: https://doi.org/10.1007/978-3-642-02295-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02294-4
Online ISBN: 978-3-642-02295-1