Skip to Main content Skip to Navigation
Conference papers

Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures

Léo Ducas 1 Phong Q. Nguyen 2, 3 
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique - ENS Paris, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
2 CRYPT - Cryptanalyse
LIAMA - Laboratoire Franco-Chinois d'Informatique, d'Automatique et de Mathématiques Appliquées, Inria Paris-Rocquencourt
Abstract : NTRUsign is the most practical lattice signature scheme. Its basic version was broken by Nguyen and Regev in 2006: one can efficiently recover the secret key from about 400 signatures. However, countermeasures have been proposed to repair the scheme, such as the perturbation used in NTRUsign standardization proposals, and the deformation proposed by Hu et al. at IEEE Trans. Inform. Theory in 2008. These two countermeasures were claimed to prevent the NR attack. Surprisingly, we show that these two claims are incorrect by revisiting the NR gradient-descent attack: the attack is more powerful than previously expected, and actually breaks both countermeasures in practice, e.g. 8,000 signatures suffice to break NTRUsign-251 with one perturbation as submitted to IEEE P1363 in 2003. More precisely, we explain why the Nguyen-Regev algorithm for learning a parallelepiped is heuristically able to learn more complex objects, such as zonotopes and deformed parallelepipeds.
Document type :
Conference papers
Complete list of metadata

Cited literature [25 references]  Display  Hide  Download
Contributor : Phong Q. Nguyen Connect in order to contact the contributor
Submitted on : Saturday, September 21, 2013 - 2:18:07 AM
Last modification on : Thursday, March 17, 2022 - 10:08:36 AM
Long-term archiving on: : Friday, April 7, 2017 - 12:54:20 AM


Files produced by the author(s)




Léo Ducas, Phong Q. Nguyen. Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures. ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, IACR, Dec 2012, Beijing, China. pp.433-450, ⟨10.1007/978-3-642-34961-4_27⟩. ⟨hal-00864359⟩



Record views


Files downloads