Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Finding the closest lattice vector when it's unusually close
SODA '00 Proceedings of the eleventh annual ACM-SIAM symposium on Discrete algorithms
Public-Key Cryptosystems from Lattice Reduction Problems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Improving Lattice Based Cryptosystems Using the Hermite Normal Form
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
The LLL Algorithm: Survey and Applications
The LLL Algorithm: Survey and Applications
NTRUSign: digital signatures using the NTRU lattice
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
An efficient and parallel Gaussian sampler for lattices
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Learning, cryptography, and the average case
Learning, cryptography, and the average case
Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Lattice signatures without trapdoors
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
NTRUSign With a New Perturbation
IEEE Transactions on Information Theory
Faster gaussian lattice sampling using lazy floating-point arithmetic
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Learning a zonotope and more: cryptanalysis of NTRUSign countermeasures
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Faster gaussian lattice sampling using lazy floating-point arithmetic
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Learning a zonotope and more: cryptanalysis of NTRUSign countermeasures
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
NTRUSign is the most practical lattice signature scheme. Its basic version was broken by Nguyen and Regev in 2006: one can efficiently recover the secret key from about 400 signatures. However, countermeasures have been proposed to repair the scheme, such as the perturbation used in NTRUSign standardization proposals, and the deformation proposed by Hu et al. at IEEE Trans. Inform. Theory in 2008. These two countermeasures were claimed to prevent the NR attack. Surprisingly, we show that these two claims are incorrect by revisiting the NR gradient-descent attack: the attack is more powerful than previously expected, and actually breaks both countermeasures in practice, e.g. 8,000 signatures suffice to break NTRUSign-251 with one perturbation as submitted to IEEE P1363 in 2003. More precisely, we explain why the Nguyen-Regev algorithm for learning a parallelepiped is heuristically able to learn more complex objects, such as zonotopes and deformed parallelepipeds.