Lattice Attacks on NTRU

  • Don Coppersmith
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1233)


NTRU is a new public key cryptosystem proposed at Crypto 96 by Hoffstein, Pipher and Silverman from the Mathematics department of Brown University. It attracted considerable attention, and is being advertised over the Internet by NTRU Cryptosystems. Its security is based on the difficulty of analyzing the result of polynomial arithmetic modulo two unrelated moduli, and its correctness is based on clustering properties of the sums of random variables. In this paper, we apply new lattice basis reduction techniques to cryptanalyze the scheme, to discover either the original secret key, or an alternative secret key which is equally useful in decoding the ciphertexts.


Circulant Matrix Short Vector Lattice Basis Reduction Noncommutative Group Basis Reduction Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    J. Hoffstein, J. Pipher and J. H. Silverman, “NTRU: A new high speed public key cryptosystem,” Manuscript, August 30, 1996; presented at rump session of Crypto 96.Google Scholar
  2. 2.
    J. Hoffstein, J. Pipher and J. H. Silverman, private communications, October 1996 and January 1997.Google Scholar
  3. 3.
    A. K. Lenstra, H. W. Lenstra and L. Lovasz, “Factoring Polynomials with Integer Coefficients,” Matematische Annalen 261 (1982), 513–534.MathSciNetGoogle Scholar
  4. 4.
    C. P. Schnorr, “A hierarchy of polynomial time lattice basis reduction algorithms,” Theoretical Computer Science 53 (1987), 201–224.CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    C. P. Schnorr, “Block reduced lattice bases and successive minima,” Combinatorics, Probability and Computing 3 (1994), 507–522.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Don Coppersmith
    • 1
  • Adi Shamir
    • 2
  1. 1.IBM ResearchYorktown HeightsUSA
  2. 2.Dept. Computer ScienceThe Weizmann Institute of ScienceRehovotIsrael

Personalised recommendations