Abstract

The NTRU cryptosystem was proposed by J. Hoffstein, J. Pipher and J.H. Silverman in 1996. Its security is related to the hardness of finding sufficiently short vectors in the NTRU lattice of dimension $2N$. Many researchers conjecture that the private key vector is indeed the shortest vector in the lattice in most cases. However, to the best of our knowledge, no formal proof has been provided in the literature. In this paper, we revisit the lattice attack on NTRU and present a new dimension reduction attack on NTRU that does not consider the pattern of the private polynomials. More precisely, we show that one can recover a group of equivalent private keys by solving the shortest vector problem in a new dimension-reduced lattice with dimension $N+k, k , where $k$ is related to the specific parameters selected. As a corollary of our attack, we prove that the private key vector and its rotations are the shortest vectors of the original NTRU lattice with overwhelming probability, which confirms the conjecture on the length of the shortest vector of the original NTRU lattice.
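To make the objects in the abstract concrete, the following added example (not code from the paper) builds a toy NTRU key and checks that the private vector $(f, g)$ and each rotation $(x^i f, x^i g)$ lie in the $2N$-dimensional NTRU lattice with the same length, well below the Gaussian heuristic. It assumes constructed parameters $N = 11$, prime $q = 257$ and ternary $f, g$; all function names are hypothetical, and it does not implement the dimension-reduction attack.

```python
import math, random

N, Q = 11, 257  # constructed toy parameters (assumption); Q prime to keep inversion simple

def conv(a, b, mod=None):
    """Product in Z[x]/(x^N - 1), reduced mod `mod` when given."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] += ai * bj
    return [x % mod for x in c] if mod else c

def rotate(a, i):
    return [a[(k - i) % N] for k in range(N)]  # coefficients of x^i * a(x)

def inverse_mod_q(f):
    """Solve f*u = 1 (mod Q) by Gauss-Jordan on the circulant matrix of f; None if singular."""
    m = [[f[(k - j) % N] % Q for j in range(N)] + [int(k == 0)] for k in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if m[r][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        inv = pow(m[col][col], -1, Q)
        m[col] = [x * inv % Q for x in m[col]]
        for r in range(N):
            if r != col:
                m[r] = [(x - m[r][col] * y) % Q for x, y in zip(m[r], m[col])]
    return [row[N] for row in m]

def keygen(seed=1):
    rng = random.Random(seed)
    while True:  # retry until f is invertible mod Q
        f, g = [1] * 4 + [-1] * 3 + [0] * 4, [1] * 3 + [-1] * 3 + [0] * 5
        rng.shuffle(f)
        rng.shuffle(g)
        f_inv = inverse_mod_q(f)
        if f_inv is not None:
            return f, g, conv(f_inv, g, Q)  # public key h = g / f mod Q

def in_lattice(u, v, h):
    """(u, v) lies in the NTRU lattice iff v = u*h (mod Q)."""
    return all((a - b) % Q == 0 for a, b in zip(conv(u, h, Q), v))

def norm(u, v):
    return math.sqrt(sum(x * x for x in u + v))

def gaussian_heuristic():
    # expected shortest length for a random 2N-dim lattice of determinant Q^N
    return math.sqrt(2 * N / (2 * math.pi * math.e)) * math.sqrt(Q)
```

With these weights every rotation has length $\sqrt{13} \approx 3.6$, against a Gaussian-heuristic estimate of about 18.2 for a random lattice of the same dimension and determinant.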
