
Practical Lattice-Based Cryptography: NTRUEncrypt and NTRUSign


Part of the book series: Information Security and Cryptography ((ISC))

Abstract

We provide a brief history and overview of lattice-based cryptography and cryptanalysis: the shortest vector problem, the closest vector problem, the subset sum problem and knapsack systems, GGH, Ajtai-Dwork and NTRU. A detailed discussion of the algorithms NTRUEncrypt and NTRUSign follows. These algorithms have attractive operating speed and key size and are based on hard problems that are seemingly intractable. We discuss the state of current knowledge about the security of both algorithms and identify areas for further research.






Corresponding author: Jeff Hoffstein.


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg


Cite this chapter

Hoffstein, J., Howgrave-Graham, N., Pipher, J., Whyte, W. (2009). Practical Lattice-Based Cryptography: NTRUEncrypt and NTRUSign. In: Nguyen, P., Vallée, B. (eds) The LLL Algorithm. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02295-1_11


  • DOI: https://doi.org/10.1007/978-3-642-02295-1_11


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02294-4

  • Online ISBN: 978-3-642-02295-1

  • eBook Packages: Computer Science (R0)
