Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU

Dung Hoang Duong, Masaya Yasuda, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


Albrecht et al. [1] at Crypto 2016 and Cheon et al. [4] at ANTS 2016 independently presented a subfield attack on overstretched NTRU problem. Their idea is to map the public key down to the subfield (by norm and trace map respectively) and hence obtain a lattice of smaller dimension for which a lattice reduction algorithm is efficiently applicable. At Eurocrypt 2017, Kirchner and Fouque proposed another variant attack which exploits the presence of orthogonal bases within the cyclotomic number rings and instead of using the matrix of the public key in the subfield, they use the multiplication matrix by the public key in the full field and apply a lattice reduction algorithm to a suitable projected lattice of smaller dimension. They also showed a tight estimation of the parameters broken by lattice reduction and implementation results that their attack is better than the subfield attack. In this paper, we exploit technical results from Kirchner and Fouque [12] for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. [1]. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.

Original languageEnglish
Title of host publicationInformation Security - 20th International Conference, ISC 2017, Proceedings
EditorsPhong Q. Nguyen, Phong Q. Nguyen, Jianying Zhou
PublisherSpringer Verlag
Number of pages13
ISBN (Print)9783319696584
Publication statusPublished - 2017
Event20th International Conference on Information Security, ISC 2017 - Ho Chi Minh City, Viet Nam
Duration: Nov 22 2017Nov 24 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10599 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other20th International Conference on Information Security, ISC 2017
Country/TerritoryViet Nam
CityHo Chi Minh City

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Choosing Parameters for the Subfield Lattice Attack Against Overstretched NTRU'. Together they form a unique fingerprint.

Cite this