An Algebraic Approach to NTRU (q = 2n) via Witt Vectors and Overdetermined Systems of Nonlinear Equations

  • J. H. Silverman
  • N. P. Smart
  • F. Vercauteren
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)


We use the theory of Witt vectors to develop an algebraic approach for studying the NTRU primitive with q parameter equal to a power of two. This results in a system of nonlinear algebraic equations over \(\mathbb{F}_{2}\) having many symmetries, which is reminiscent of the approach of Courtois, Murphy, Pieprzyk, Robshaw and others for studying the structure of block ciphers such as the AES. We study whether this approach to NTRU provides any immediate security threat and conclude that under the most favourable assumptions, the method is of asymptotic interest but is completely impractical at current or likely future parameter sizes.


Block Cipher Algebraic Approach Stream Cipher Overdetermined System Algebraic Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Consortium for Efficient Embedded Security. Efficient embedded security standards # 1: Implementation aspects of NTRU and NSS, Version 1 (2002)Google Scholar
  2. 2.
    NTRU CryptoLab. Challenge Problems, Available from
  3. 3.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Courtois, N., Patarin, J.: About the XL algorithm over GF(2). In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 141–157. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Gentry, C.: Key recovery and message attacks on NTRU-composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 182–194. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Howgrave-Graham, N., Nguyen, P.Q., Pointcheval, D., Proos, J., Silverman, J.H., Singer, A., Whyte, W.: The impact of decryption failures on the security of NTRU encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 226–246. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Howgrave-Graham, N., Silverman, J.H., Whyte, W.: A meet-in-the-middle attack on an NTRU private key. NTRU Cryptosystems Technical Report #004, Version 2 (June 2003)Google Scholar
  10. 10.
    Lai, X.: On the design and security of block ciphers. ETH Series in Information Processing (1992)Google Scholar
  11. 11.
    May, A., Silverman, J.H.: Dimension reduction methods for convolution modular lattices. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 110–125. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Murphy, S., Robshaw, M.: Comments on the security of the AES and the XL technique. Unpublished Manuscript (2002)Google Scholar
  13. 13.
    Rivest, R.L.: The RC5 encryption algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 86–96. Springer, Heidelberg (1995)Google Scholar
  14. 14.
    Rivest, R.L., Robshaw, M., Sidney, R., Yin, L.: The RC6 block cipher. Submission to AES process (1998)Google Scholar
  15. 15.
    Serre, J.-P.: Local Fields. In: GTM, vol. 67. Springer, Heidelberg (1979)Google Scholar
  16. 16.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484–1509 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Silverman, J.H., Odlyzko, A.: A Meet-In-The-Middle Attack on an NTRU Private Key. Technical Report #004, NTRU Cryptosystems (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • J. H. Silverman
    • 1
  • N. P. Smart
    • 2
  • F. Vercauteren
    • 2
  1. 1.Mathematics DepartmentBrown UniversityProvidenceU.S.A.
  2. 2.Dept. Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations