
Symplectic Lattice Reduction and NTRU

  • Nicolas Gama
  • Nick Howgrave-Graham
  • Phong Q. Nguyen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)

Abstract

NTRU is a very efficient public-key cryptosystem based on polynomial arithmetic. Its security is related to the hardness of lattice problems in a very special class of lattices. This article is motivated by an interesting peculiar property of NTRU lattices. Namely, we show that NTRU lattices are proportional to the so-called symplectic lattices. This suggests adapting classical reduction theory to symplectic lattices, from both a mathematical and an algorithmic point of view. As a first step, we show that orthogonalization techniques (Cholesky, Gram-Schmidt, QR factorization, etc.), which are at the heart of all known reduction algorithms, are all compatible with symplecticity, and that they can be significantly sped up for symplectic matrices. Surprisingly, by doing so, we also discover a new integer Gram-Schmidt algorithm, which is faster than the usual algorithm for all matrices. Finally, we study symplectic variants of the celebrated LLL reduction algorithm, and obtain interesting speed-ups.
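The "proportional to symplectic" property can be checked numerically. The following is an added example, not code from the paper or its authors. It assumes the row basis B = [[qI, 0], [H, I]] with H the circulant matrix of the public key, and the skew form J = [[0, R], [-R, 0]] with R the reversed identity; the sample key is constructed. B is q-symplectic when B^T J B = qJ.

```python
# Added illustration. Basis shape, choice of J and the sample key are assumptions.

def circulant(h):
    """n x n circulant matrix whose row i is h rotated right by i places."""
    n = len(h)
    return [[h[(j - i) % n] for j in range(n)] for i in range(n)]

def ntru_basis(h, q):
    """Row basis [[q*I, 0], [H, I]] of the NTRU lattice for public key h."""
    n = len(h)
    H = circulant(h)
    top = [[q if i == j else 0 for j in range(n)] + [0] * n for i in range(n)]
    bottom = [H[i] + [1 if i == j else 0 for j in range(n)] for i in range(n)]
    return top + bottom

def skew_form(n):
    """J = [[0, R], [-R, 0]] with R the n x n reversed identity."""
    J = [[0] * (2 * n) for _ in range(2 * n)]
    for i in range(n):
        J[i][2 * n - 1 - i] = 1      # upper-right block R
        J[n + i][n - 1 - i] = -1     # lower-left block -R
    return J

def transpose(M):
    return [list(r) for r in zip(*M)]

def matmul(A, B):
    Bt = transpose(B)
    return [[sum(a * b for a, b in zip(row, col)) for col in Bt] for row in A]

def is_q_symplectic(M, q):
    """True iff M^T J M == q*J for the skew form J above."""
    J = skew_form(len(M) // 2)
    return matmul(matmul(transpose(M), J), M) == [[q * x for x in r] for r in J]

H_CONSTRUCTED = [3, 17, 5, 29, 11, 0, 8]   # constructed sample key, n = 7
Q = 32
B = ntru_basis(H_CONSTRUCTED, Q)

# Breaking the circulant structure of H (one perturbed entry) destroys the property.
BROKEN = [row[:] for row in B]
BROKEN[len(H_CONSTRUCTED)][0] += 1

if __name__ == "__main__":
    print("NTRU basis q-symplectic:", is_q_symplectic(B, Q))
    print("perturbed basis q-symplectic:", is_q_symplectic(BROKEN, Q))
```

The check succeeds for any circulant H because RH is symmetric, which is exactly what cancels the off-structure block of B^T J B.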

Keywords

Reduction Algorithm; Symplectic Group; Cholesky Factorization; Lattice Reduction; Symplectic Transformation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas Gama (1)
  • Nick Howgrave-Graham (2)
  • Phong Q. Nguyen (3)
  1. École normale supérieure, DI, Paris, France
  2. NTRU Cryptosystems, Burlington, USA
  3. CNRS/École normale supérieure, DI, Paris, France
