Abstract
In this paper we view the possibilities to lance a multiple (iterative) birthday attack on NTRU. Recently Wagner’s algorithm for the generalized birthday problem [9] allowed to speed-up several combinatorial attacks. However, in the case of NTRU we can not hope to to apply Wagner’s algorithm directly, as the search space does not behave nicely. In this paper we show that we can nevertheless draw profit from a multiple birthday approach. Our approach allows us to attack ees251ep6 parameter set on a computer with only 252 Bits of memory and about 29 times faster as with Odlyzko’s combinatorial attack – this is an improvement factor about 243 in space complexity. We thus contradict the common believe, that in comparison to computational requirements, the “storage requirement is by far the larger obstacle” [3] to attack NTRU by combinatorial attacks. Further, our attack is about 27 times faster than the space-reduced variant from [3] employing the same amount of memory.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Coppersmith, D., Shamir, A.: Lattice attacks on NTRU. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 52–61. Springer, Heidelberg (1997)
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150–169. Springer, Heidelberg (2007)
Howgrave-Graham, N., Nguyen, P.Q., Pointcheval, D., Proos, J., Silverman, J.H., Singer, A., Whyte, W.: The impact of decryption failures on the security of NTRU encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 226–246. Springer, Heidelberg (2003)
May, A., Silverman, J.H.: Dimension reduction methods for convolution modular lattices (Springer-Verlag). In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 110–127. Springer, Heidelberg (2001)
Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems: a cryptographic perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Kluwer Academic Publishers, Boston (2002)
Whyte, W. (ed.): IEEE P1363.1/D9. Draft standard for public-key cryptographic techniques based on hard problems over lattices (2003)
Silverman, J.H.: Dimension reduced lattices, zero-forced lattices, and the NTRU public key cryptosystem. NTRU Technical Report, 013 (1999), http://www.ntru.com
Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Overbeck, R. (2009). Reducing Memory Requirements for Combinatorial Attacks on NTRU via Multiple Birthdays. In: Filipe, J., Obaidat, M.S. (eds) e-Business and Telecommunications. ICETE 2008. Communications in Computer and Information Science, vol 48. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05197-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-05197-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05196-8
Online ISBN: 978-3-642-05197-5
eBook Packages: Computer ScienceComputer Science (R0)