NTRU: A ring-based public key cryptosystem

  • Jeffrey Hoffstein
  • Jill Pipher
  • Joseph H. Silverman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1423)


We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q.


Security Level Lattice Reduction Encrypt Message Short Vector Message Block 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Blum, S. Goldwasser, An efficient probabilistic public-key encryption scheme which hides all partial information, Advances in Cryptology: Proceedings of CRYPTO 84, Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985, pp. 289–299.Google Scholar
  2. 2.
    D. Coppersmith, A. Shamir, Lattice attacks on NTRU, Preprint, April 5, 1997; presented at Eurocrypt 97.Google Scholar
  3. 3.
    W. Diffie, M.E. Hellman, New directions in cryptography, IEEE Trans. on Information Theory 22 (1976), 644–654.zbMATHMathSciNetCrossRefGoogle Scholar
  4. 4.
    O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, MIT — Laboratory for Computer Science preprint, November 1996.Google Scholar
  5. 5.
    S. Goldwasser and A. Micali, Probabilistic encryption, J. Computer and Systems Science 28 (1984), 270–299.zbMATHMathSciNetCrossRefGoogle Scholar
  6. 6.
    J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: A new high speed public key cryptosystem, Preprint; presented at the rump session of Crypto 96.Google Scholar
  7. 7.
    A.K. Lenstra, H.W. Lenstra, L. LovŚz, Factoring polynomials with polynomial coefficients, Math. Annalen 261 (1982), 515–534.zbMATHCrossRefGoogle Scholar
  8. 8.
    R.J. McEliece, A public-key cryptosystem based on algebraic coding theory, JPL Pasadena, DSN Progress Reports 42–44 (1978), 114–116.Google Scholar
  9. 9.
    R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public key cryptosystems, Communications of the ACM 21 (1978), 120–126.zbMATHMathSciNetCrossRefGoogle Scholar
  10. 10.
    C.P. Schnorr, Block reduced lattice bases and successive minima, Combinatorics, Probability and Computing 3 (1994), 507–522.zbMATHMathSciNetCrossRefGoogle Scholar
  11. 11.
    C.P. Schnorr, M. Euchner, Lattice basis reduction: improved practical algorithms and solving subset sum problems, Mathematical Programing 66 (1994), 181–199.zbMATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    C.P. Schnorr, H.H. Hoerner, Attacking the Chor Rivest cryptosystem by improved lattice reduction, Proc. EUROCRYPT 1995, Lecture Notes in Computer Science 921, Springer-Verlag, 1995, pp. 1–12.Google Scholar
  13. 13.
    J.H. Silverman, A Meet-In-The-Middle Attack on an NTRU Private Key, preprint.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Jeffrey Hoffstein
  • Jill Pipher
  • Joseph H. Silverman

There are no affiliations available

Personalised recommendations