Cryptology ePrint Archive: Report 2018/630

Characterizing overstretched NTRU attacks

Gabrielle De Micheli and Nadia Heninger and Barak Shani

Abstract: Overstretched NTRU, an NTRU variant with a large modulus, has been used as a building block for several cryptographic schemes in recent years. Recently, two lattice \emph{subfield attacks} and a \emph{subring attack} were proposed that broke some suggested parameters for overstretched NTRU. These attacks work by decreasing the dimension of the lattice to be reduced, which improves the performance of the lattice basis reduction algorithm. However, there are a number of conflicting claims in the literature over which of these attacks has the best performance. These claims are typically based on experiments more than analysis. Furthermore, the metric for comparison has been unclear in some prior work. In this paper, we argue that the correct metric should be the lattice dimension. We show both analytically and experimentally that the subring attack succeeds on a smaller dimension lattice than the subfield attack for the same problem parameters, and also succeeds with a smaller modulus when the lattice dimension is fixed.

Category / Keywords: public-key cryptography / lattice techniques, overstretched NTRU, subfield attack, subring attack

Original Publication (with minor differences): to appear in Journal of Mathematical Cryptology

Date: received 25 Jun 2018, last revised 8 Jan 2019

Contact author: gmicheli at seas upenn edu

Available format(s): PDF | BibTeX Citation

Note: Few minor revisions.

Version: 20190108:091540 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]