Skip to Main content Skip to Navigation
Conference papers

Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures

Léo Ducas 1 Phong Q. Nguyen 2, 3
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
2 CRYPT - Cryptanalyse
LIAMA - Laboratoire Franco-Chinois d'Informatique, d'Automatique et de Mathématiques Appliquées, Inria Paris-Rocquencourt
Abstract : NTRUsign is the most practical lattice signature scheme. Its basic version was broken by Nguyen and Regev in 2006: one can efficiently recover the secret key from about 400 signatures. However, countermeasures have been proposed to repair the scheme, such as the perturbation used in NTRUsign standardization proposals, and the deformation proposed by Hu et al. at IEEE Trans. Inform. Theory in 2008. These two countermeasures were claimed to prevent the NR attack. Surprisingly, we show that these two claims are incorrect by revisiting the NR gradient-descent attack: the attack is more powerful than previously expected, and actually breaks both countermeasures in practice, e.g. 8,000 signatures suffice to break NTRUsign-251 with one perturbation as submitted to IEEE P1363 in 2003. More precisely, we explain why the Nguyen-Regev algorithm for learning a parallelepiped is heuristically able to learn more complex objects, such as zonotopes and deformed parallelepipeds.
Document type :
Conference papers
Complete list of metadata

Cited literature [25 references]  Display  Hide  Download

https://hal.inria.fr/hal-00864359
Contributor : Phong Q. Nguyen <>
Submitted on : Saturday, September 21, 2013 - 2:18:07 AM
Last modification on : Thursday, July 1, 2021 - 5:58:06 PM
Long-term archiving on: : Friday, April 7, 2017 - 12:54:20 AM

File

DucasNguyen_Learning.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Léo Ducas, Phong Q. Nguyen. Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures. ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, IACR, Dec 2012, Beijing, China. pp.433-450, ⟨10.1007/978-3-642-34961-4_27⟩. ⟨hal-00864359⟩

Share

Metrics

Record views

877

Files downloads

616