Learning a parallelepiped: Cryptanalysis of GGH and NTRU signatures

Journal of Cryptology

Volumn 22, Issue 2, 2009, Pages 139-160

  Nguyen, Phong Q ^a   Regev, Oded ^b  

^a ECOLE NORMALE SUPÉRIEURE   (France)

^b TEL AVIV UNIVERSITY   (Israel)

Author keywords

GGH; Gradient descent; Lattices; Moment; NTRUSign; Public key cryptanalysis

Indexed keywords

GGH; GRADIENT DESCENT; LATTICES; MOMENT; NTRUSIGN; PUBLIC-KEY CRYPTANALYSIS;

HELIUM; HEURISTIC METHODS; NUMBER THEORY; SECURITY OF DATA;

CRYPTOGRAPHY;

EID: 64249149689     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-008-9031-0     Document Type: Article

References (36)

1. M. Ajtai, Generating hard instances of lattice problems, in Complexity of Computations and Proofs. Quad. Mat., vol. 13 (Dept. Math., Seconda Univ. Napoli, Caserta, 2004), pp. 1-32
2. N. Alon, J.H. Spencer, The Probabilistic Method. Wiley-Interscience Series in Discrete Mathematics and Optimization, 2nd edn. (Wiley, New York, 2000)
3. L. Babai 1986 On Lovász lattice reduction and the nearest lattice point problem Combinatorica 6 1 13
4. Consortium for Efficient Embedded Security. Efficient embedded security standards #1: Implementation aspects of NTRUencrypt and NTRUsign. Version 2.0 available at http://grouper.ieee.org/groups/1363/lattPK/index.html, June (2003)
5. A. Frieze, M. Jerrum, R. Kannan, Learning linear transformations, in 37th Annual Symposium on Foundations of Computer Science, Burlington, VT, 1996 (IEEE Comput. Soc. Press, Los Alamitos, 1996), pp. 359-368
6. C. Gentry, M. Szydlo, Cryptanalysis of the revised NTRU signature scheme, in Proc. of Eurocrypt '02. LNCS, vol. 2332 (Springer, Berlin, 2002)
7. C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in Proc. 40th ACM Symp. on Theory of Computing (STOC), pp. 197-206 (2008)
8. C. Gentry, J. Jonsson, J. Stern, M. Szydlo, Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt 2001, in Proc. of Asiacrypt '01. LNCS, vol. 2248 (Springer, Berlin, 2001)
9. O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, in Proc. of Crypto '97. LNCS, vol. 1294 (Springer, Berlin, 1997), pp. 112-131. Full version available at ECCC as TR96-056
10. O. Goldreich, S. Goldwasser, S. Halevi, Challenges for the GGH cryptosystem. Available at http://theory.lcs.mit.edu/~shaih/challenge.html
11. G. Golub, C. Loan, Matrix Computations (Johns Hopkins Univ. Press, Baltimore, 1996)
12. J. Hoffstein, J. Pipher, J. Silverman, NTRU: a ring based public key cryptosystem, in Proc. of ANTS III. LNCS, vol. 1423 (Springer, Berlin, 1998), pp. 267-288. First presented at the rump session of Crypto '96
13. J. Hoffstein, J. Pipher, J.H. Silverman, NSS: An NTRU lattice-based signature scheme, in Proc. of Eurocrypt '01. LNCS, vol. 2045 (Springer, Berlin, 2001)
14. J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, NTRUsign: Digital signatures using the NTRU lattice. Full version of Proc. of CT-RSA. LNCS, vol. 2612. Draft of April 2, 2002, available on NTRU's website
15. J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, NTRUsign: Digital signatures using the NTRU lattice, in Proc. of CT-RSA. LNCS, vol. 2612 (Springer, Berlin, 2003)
16. J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, Performances improvements and a baseline parameter generation algorithm for NTRUsign, in Proc. of Workshop on Mathematical Problems and Techniques in Cryptology (CRM, 2005), pp. 99-126
17. A. Hyvärinen E. Oja 1997 A fast fixed-point algorithm for independent component analysis Neural Comput. 9 7 1483 1492
18. A. Hyvärinen, J. Karhunen, E. Oja, Independent Component Analysis (Wiley, New York, 2001)
19. IEEE P1363.1. Public-key cryptographic techniques based on hard problems over lattices. See http://grouper.ieee.org/groups/1363/lattPK/index.html, June 2003
20. P. Klein, Finding the closest lattice vector when it's unusually close, in Proc. of SODA '00 (ACM-SIAM, 2000)
21. V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in Fifth Theory of Cryptography Conference (TCC). Lecture Notes in Computer Science, vol. 4948 (Springer, Berlin, 2008)
22. R. McEliece, A public-key cryptosystem based on algebraic number theory. Technical report, Jet Propulsion Laboratory, 1978. DSN Progress Report 42-44
23. D. Micciancio, Improving lattice-based cryptosystems using the Hermite normal form, in Proc. of CALC '01. LNCS, vol. 2146 (Springer, Berlin, 2001)
24. D. Micciancio, Cryptographic functions from worst-case complexity assumptions. Survey paper prepared for the LLL+25 conference. To appear
25. D. Micciancio, S. Goldwasser, Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671 (Kluwer Academic, Boston, 2002)
26. D. Micciancio, O. Regev, Lattice-based cryptography, in Post-Quantum Cryprography, ed. by D.J. Bernstein, J. Buchmann (Springer, Berlin, 2008)
27. D. Micciancio, S. Vadhan, Statistical zero-knowledge proofs with efficient provers: lattice problems and more, in Advances in Cryptology-Proc. CRYPTO '03. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 282-298
28. M. Naor, M. Yung, Universal one-way hash functions and their cryptographic applications, in Proc. 21st ACM Symp. on Theory of Computing (STOC), pp. 33-43 (1989)
29. P.Q. Nguyen, Cryptanalysis of the Goldreich-Goldwasser-Halevi cryptosystem from Crypto '97, in Proc. of Crypto '99. LNCS, vol. 1666 (Springer, Berlin, 1999), pp. 288-304
30. P.Q. Nguyen, O. Regev, Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures, in Advances in Cryptology-Proceedings of EUROCRYPT '06. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 215-233
31. P.Q. Nguyen, J. Stern, The two faces of lattices in cryptology, in Proc. of CALC '01. LNCS, vol. 2146 (Springer, Berlin, 2001)
32. O. Regev, Lattice-based cryptography, in Advances in Cryptology-Proc. of CRYPTO '06. LNCS, vol. 4117 (Springer, Berlin, 2006), pp. 131-141
33. C.P. Schnorr M. Euchner 1994 Lattice basis reduction: improved practical algorithms and solving subset sum problems Math. Program. 66 181 199
34. V. Shoup, NTL: A library for doing number theory. Available at http://www.shoup.net/ntl/
35. M. Szydlo, Hypercubic lattice reduction and analysis of GGH and NTRU signatures, in Proc. of Eurocrypt '03. LNCS, vol. 2656 (Springer, Berlin, 2003)
36. W. Whyte, Improved NTRUSign transcript analysis. Presentation at the rump session of Eurocrypt '06, on May 30 (2006)