Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU

Dung Hoang Duong; Masaya Yasuda; Tsuyoshi Takagi

doi:10.1007/978-3-319-69659-1_5

Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU

Dung Hoang Duong, Masaya Yasuda, Tsuyoshi Takagi

Laboratory of Mathematical Design for Advanced Cryptography

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque proposed another variant attack which exploits the presence of orthogonal bases within the cyclotomic number rings and instead of using the matrix of the public key in the subfield, they use the multiplication matrix by the public key in the full field and apply a lattice reduction algorithm to a suitable projected lattice of smaller dimension. They also showed a tight estimation of the parameters broken by lattice reduction and implementation results that their attack is better than the subfield attack. In this paper, we exploit technical results from Kirchner and Fouque [12] for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. [1]. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.

Original language	English
Title of host publication	Information Security - 20th International Conference, ISC 2017, Proceedings
Editors	Phong Q. Nguyen, Phong Q. Nguyen, Jianying Zhou
Publisher	Springer Verlag
Pages	79-91
Number of pages	13
ISBN (Print)	9783319696584
DOIs	https://doi.org/10.1007/978-3-319-69659-1_5
Publication status	Published - 2017
Event	20th International Conference on Information Security, ISC 2017 - Ho Chi Minh City, Viet Nam Duration: Nov 22 2017 → Nov 24 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10599 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	20th International Conference on Information Security, ISC 2017
Country/Territory	Viet Nam
City	Ho Chi Minh City
Period	11/22/17 → 11/24/17

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-69659-1_5

Cite this

Duong, D. H., Yasuda, M., & Takagi, T. (2017). Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU. In P. Q. Nguyen, P. Q. Nguyen, & J. Zhou (Eds.), Information Security - 20th International Conference, ISC 2017, Proceedings (pp. 79-91). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10599 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-69659-1_5

Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU. / Duong, Dung Hoang; Yasuda, Masaya; Takagi, Tsuyoshi.

Information Security - 20th International Conference, ISC 2017, Proceedings. ed. / Phong Q. Nguyen; Phong Q. Nguyen; Jianying Zhou. Springer Verlag, 2017. p. 79-91 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10599 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Duong, DH, Yasuda, M & Takagi, T 2017, Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU. in PQ Nguyen, PQ Nguyen & J Zhou (eds), Information Security - 20th International Conference, ISC 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10599 LNCS, Springer Verlag, pp. 79-91, 20th International Conference on Information Security, ISC 2017, Ho Chi Minh City, Viet Nam, 11/22/17. https://doi.org/10.1007/978-3-319-69659-1_5

Duong DH, Yasuda M, Takagi T. Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU. In Nguyen PQ, Nguyen PQ, Zhou J, editors, Information Security - 20th International Conference, ISC 2017, Proceedings. Springer Verlag. 2017. p. 79-91. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-69659-1_5

Duong, Dung Hoang ; Yasuda, Masaya ; Takagi, Tsuyoshi. / Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU. Information Security - 20th International Conference, ISC 2017, Proceedings. editor / Phong Q. Nguyen ; Phong Q. Nguyen ; Jianying Zhou. Springer Verlag, 2017. pp. 79-91 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c079e06634764f9cbee9c5de5a022e54,

title = "Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU",

abstract = "Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque proposed another variant attack which exploits the presence of orthogonal bases within the cyclotomic number rings and instead of using the matrix of the public key in the subfield, they use the multiplication matrix by the public key in the full field and apply a lattice reduction algorithm to a suitable projected lattice of smaller dimension. They also showed a tight estimation of the parameters broken by lattice reduction and implementation results that their attack is better than the subfield attack. In this paper, we exploit technical results from Kirchner and Fouque [12] for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. [1]. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.",

author = "Duong, {Dung Hoang} and Masaya Yasuda and Tsuyoshi Takagi",

note = "Funding Information: Acknowledgments. We are grateful for the anonymous reviewers for their useful comments and suggestions. The first author would like to thank Martin Albrecht, Shi Bai and Paul Kirchner, for their kindness and helpful discussions. This work was supported by JST CREST Grant Number JPMJCR14D6, Japan. The first author thanks the Japanese Society for the Promotion of Science (JSPS) for financial support under grant KAKENHI 16K17644. Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 20th International Conference on Information Security, ISC 2017 ; Conference date: 22-11-2017 Through 24-11-2017",

year = "2017",

doi = "10.1007/978-3-319-69659-1_5",

language = "English",

isbn = "9783319696584",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "79--91",

editor = "Nguyen, {Phong Q.} and Nguyen, {Phong Q.} and Jianying Zhou",

booktitle = "Information Security - 20th International Conference, ISC 2017, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU

AU - Duong, Dung Hoang

AU - Yasuda, Masaya

AU - Takagi, Tsuyoshi

N1 - Funding Information: Acknowledgments. We are grateful for the anonymous reviewers for their useful comments and suggestions. The first author would like to thank Martin Albrecht, Shi Bai and Paul Kirchner, for their kindness and helpful discussions. This work was supported by JST CREST Grant Number JPMJCR14D6, Japan. The first author thanks the Japanese Society for the Promotion of Science (JSPS) for financial support under grant KAKENHI 16K17644. Publisher Copyright: © 2017, Springer International Publishing AG.

PY - 2017

Y1 - 2017

N2 - Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque proposed another variant attack which exploits the presence of orthogonal bases within the cyclotomic number rings and instead of using the matrix of the public key in the subfield, they use the multiplication matrix by the public key in the full field and apply a lattice reduction algorithm to a suitable projected lattice of smaller dimension. They also showed a tight estimation of the parameters broken by lattice reduction and implementation results that their attack is better than the subfield attack. In this paper, we exploit technical results from Kirchner and Fouque [12] for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. [1]. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.

AB - Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque proposed another variant attack which exploits the presence of orthogonal bases within the cyclotomic number rings and instead of using the matrix of the public key in the subfield, they use the multiplication matrix by the public key in the full field and apply a lattice reduction algorithm to a suitable projected lattice of smaller dimension. They also showed a tight estimation of the parameters broken by lattice reduction and implementation results that their attack is better than the subfield attack. In this paper, we exploit technical results from Kirchner and Fouque [12] for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. [1]. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.

UR - http://www.scopus.com/inward/record.url?scp=85035123118&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85035123118&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-69659-1_5

DO - 10.1007/978-3-319-69659-1_5

M3 - Conference contribution

AN - SCOPUS:85035123118

SN - 9783319696584

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 79

EP - 91

BT - Information Security - 20th International Conference, ISC 2017, Proceedings

A2 - Nguyen, Phong Q.

A2 - Zhou, Jianying

PB - Springer Verlag

T2 - 20th International Conference on Information Security, ISC 2017

Y2 - 22 November 2017 through 24 November 2017

ER -

Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this