Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM Journal on Computing
Key Recovery and Message Attacks on NTRU-Composite
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Dimension Reduction Methods for Convolution Modular Lattices
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
About the XL algorithm over GF(2)
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Algebraic Description and Simultaneous Linear Approximations of Addition in Snow 2.0.
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Hi-index | 0.00 |
We use the theory of Witt vectors to develop an algebraic approach for studying the NTRU primitive with q parameter equal to a power of two. This results in a system of nonlinear algebraic equations over $\mathbb{F}_{2}$ having many symmetries, which is reminiscent of the approach of Courtois, Murphy, Pieprzyk, Robshaw and others for studying the structure of block ciphers such as the AES. We study whether this approach to NTRU provides any immediate security threat and conclude that under the most favourable assumptions, the method is of asymptotic interest but is completely impractical at current or likely future parameter sizes.