Symplectic Lattice Reduction and NTRU

  • Nicolas Gama
  • Nick Howgrave-Graham
  • Phong Q. Nguyen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)

Abstract

NTRU is a very efficient public-key cryptosystem based on polynomial arithmetic. Its security is related to the hardness of lattice problems in a very special class of lattices. This article is motivated by an interesting and peculiar property of NTRU lattices: we show that NTRU lattices are proportional to the so-called symplectic lattices. This suggests adapting classical reduction theory to symplectic lattices, from both a mathematical and an algorithmic point of view. As a first step, we show that the orthogonalization techniques (Cholesky, Gram-Schmidt, QR factorization, etc.) at the heart of all known reduction algorithms are compatible with symplecticity, and that they can be significantly sped up for symplectic matrices. Surprisingly, by doing so, we also discover a new integer Gram-Schmidt algorithm, which is faster than the usual algorithm for all matrices. Finally, we study symplectic variants of the celebrated LLL reduction algorithm, and obtain interesting speedups.


Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas Gama (1)
  • Nick Howgrave-Graham (2)
  • Phong Q. Nguyen (3)

  1. École normale supérieure, DI, Paris, France
  2. NTRU Cryptosystems, Burlington, USA
  3. CNRS/École normale supérieure, DI, Paris, France
