Key Recovery Attacks on NTRU without Ciphertext Validation Routine

  • Daewan Han
  • Jin Hong
  • Jae Woo Han
  • Daesung Kwon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2727)


NTRU is an efficient public-key cryptosystem proposed by Hoffstein, Pipher, and Silverman. Assuming access to a decryption oracle, we show ways to recover the private key of NTRU systems that do not include a ciphertext validating procedure. The strongest of our methods will employ just a single call to the oracle, and in all cases, the number of calls needed will be small enough to be realistic.


Keywords: Smart Card, Decryption Process, Cyclic Shift, Message Space, Decryption Oracle
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Daewan Han (1)
  • Jin Hong (1)
  • Jae Woo Han (1)
  • Daesung Kwon (1)

  1. National Security Research Institute, Daejeon, Korea
