Symplectic Lattice Reduction and NTRU

  • Nicolas Gama
  • Nick Howgrave-Graham
  • Phong Q. Nguyen
Conference paper

DOI: 10.1007/11761679_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)
Cite this paper as:
Gama N., Howgrave-Graham N., Nguyen P.Q. (2006) Symplectic Lattice Reduction and NTRU. In: Vaudenay S. (eds) Advances in Cryptology - EUROCRYPT 2006. EUROCRYPT 2006. Lecture Notes in Computer Science, vol 4004. Springer, Berlin, Heidelberg


NTRU is a very efficient public-key cryptosystem based on polynomial arithmetic. Its security is related to the hardness of lattice problems in a very special class of lattices. This article is motivated by an interesting peculiar property of NTRU lattices. Namely, we show that NTRU lattices are proportional to the so-called symplectic lattices. This suggests to try to adapt the classical reduction theory to symplectic lattices, from both a mathematical and an algorithmic point of view. As a first step, we show that orthogonalization techniques (Cholesky, Gram-Schmidt, QR factorization, etc.) which are at the heart of all reduction algorithms known, are all compatible with symplecticity, and that they can be significantly sped up for symplectic matrices. Surprisingly, by doing so, we also discover a new integer Gram-Schmidt algorithm, which is faster than the usual algorithm for all matrices. Finally, we study symplectic variants of the celebrated LLL reduction algorithm, and obtain interesting speed ups.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas Gama
    • 1
  • Nick Howgrave-Graham
    • 2
  • Phong Q. Nguyen
    • 3
  1. 1.École normale supérieure, DIParisFrance
  2. 2.NTRU CryptosystemsBurlingtonUSA
  3. 3.CNRS/École normale supérieure, DIParisFrance

Personalised recommendations