International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2001: Advances in Cryptology — EUROCRYPT 2001 pp 182-194

Key Recovery and Message Attacks on NTRU-Composite

  • Craig Gentry
Conference paper

DOI: 10.1007/3-540-44987-6_12

Volume 2045 of the book series Lecture Notes in Computer Science (LNCS)


NTRU is a fast public key cryptosystem presented in 1996 by Hoffstein, Pipher and Silverman ofBro wn University. It operates in the ring ofp olynomials ℤ[X]/(XN − 1), where the domain parameter N largely determines the security ofthe system. Although N is typically chosen to be prime, Silverman proposes taking N to be a power of two to enable the use of Fast Fourier Transforms. We break this scheme for the specified parameters by reducing lattices ofmanageably small dimension to recover partial information about the private key. We then use this partial information to recover partial information about the message or to recover the private key in its entirety.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Craig Gentry
    • 1
  1. 1.DoCoMo Communications Laboratories USA, Inc.San JoseUSA