Cryptology ePrint Archive: Report 2005/104

On estimating the lattice security of NTRU

Nick Howgrave-Graham and Jeff Hoffstein and Jill Pipher and William Whyte

Abstract: This report explicitly refutes the analysis behind a recent claim that NTRUEncrypt has a bit security of at most 74 bits. We also sum up some existing literature on NTRU and lattices, in order to help explain what should and what should not be classed as an improved attack against the hard problem underlying NTRUEncrypt. We also show a connection between Schnorr's RSR technique and exhaustively searching the NTRU lattice.

Category / Keywords: public-key cryptography / lattices

Date: received 11 Apr 2005

Contact author: nhowgravegraham at ntru com

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20050414:012644 (All versions of this report)

Discussion forum: Show discussion | Start new discussion