A course in computational algebraic number theory
A course in computational algebraic number theory
A public-key cryptosystem utilizing cyclotomic fields
Designs, Codes and Cryptography
A method for finding codewords of small weight
Proceedings of the 3rd International Colloquium on Coding Theory and Applications
NSS: An NTRU Lattice-Based Signature Scheme
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of the Revised NTRU Signature Scheme
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Sliding Window Method for NTRU
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Practical RSA signature scheme based on periodical rekeying for wireless sensor networks
ACM Transactions on Sensor Networks (TOSN)
Symplectic lattice reduction and NTRU
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Fault analysis of the NTRUSign digital signature scheme
Cryptography and Communications
| Hi-index | 0.00 |
In 1996, a new cryptosystem called NTRU was introduced, related to the hardness of finding short vectors in specific lattices. At Eurocrypt 2001, the NTRU Signature Scheme (NSS), a signature scheme apparently related to the same hard problem, was proposed. In this paper, we show that the problem on which NSS relies is much easier than anticipated, and we describe an attack that allows efficient forgery of a signature on any message. Additionally, we demonstrate that a transcript of signatures leaks information about the secret key: using a correlation attack, it is possible to recover the key from a few tens of thousands of signatures. The attacks apply to the recently proposed parameter sets NSS251-3-SHA1-1, NSS347-3-SHA1-1, and NSS503-3-SHA1-1 in [2]. Following the attacks, NTRU researchers have investigated enhanced encoding/verification methods in [11].