Paper 2018/630

Characterizing overstretched NTRU attacks

Gabrielle De Micheli, Nadia Heninger, and Barak Shani


Overstretched NTRU, an NTRU variant with a large modulus, has been used as a building block for several cryptographic schemes in recent years. Recently, two lattice \emph{subfield attacks} and a \emph{subring attack} were proposed that broke some suggested parameters for overstretched NTRU. These attacks work by decreasing the dimension of the lattice to be reduced, which improves the performance of the lattice basis reduction algorithm. However, there are a number of conflicting claims in the literature over which of these attacks has the best performance. These claims are typically based on experiments more than analysis. Furthermore, the metric for comparison has been unclear in some prior work. In this paper, we argue that the correct metric should be the lattice dimension. We show both analytically and experimentally that the subring attack succeeds on a smaller dimension lattice than the subfield attack for the same problem parameters, and also succeeds with a smaller modulus when the lattice dimension is fixed.

Note: Few minor revisions.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR appear in Journal of Mathematical Cryptology
lattice techniquesoverstretched NTRUsubfield attacksubring attack
Contact author(s)
gmicheli @ seas upenn edu
2019-01-08: revised
2018-06-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gabrielle De Micheli and Nadia Heninger and Barak Shani},
      title = {Characterizing overstretched NTRU attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2018/630},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.