Reduced memory meet-in-the-middle attack against the NTRU private key

Christine van Vredendaal

doi:10.1112/S1461157016000206

Reduced memory meet-in-the-middle attack against the NTRU private key

Christine van Vredendaal

Discrete Mathematics

Research output: Contribution to journal › Article › Academic › peer-review

16 Citations (Scopus)

Abstract

NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

Original language	English
Pages (from-to)	43-57
Number of pages	15
Journal	LMS Journal of Computation and Mathematics
Volume	19
Issue number	A
DOIs	https://doi.org/10.1112/S1461157016000206
Publication status	Published - 1 Jan 2016

Access to Document

10.1112/S1461157016000206

Cite this

@article{ff077a1efb6343f99d563ba6805124b4,

title = "Reduced memory meet-in-the-middle attack against the NTRU private key",

abstract = "NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.",

author = "{van Vredendaal}, Christine",

year = "2016",

month = jan,

day = "1",

doi = "10.1112/S1461157016000206",

language = "English",

volume = "19",

pages = "43--57",

journal = "LMS Journal of Computation and Mathematics",

issn = "1461-1570",

publisher = "London Mathematical Society",

number = "A",

}

TY - JOUR

T1 - Reduced memory meet-in-the-middle attack against the NTRU private key

AU - van Vredendaal, Christine

PY - 2016/1/1

Y1 - 2016/1/1

N2 - NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

AB - NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

UR - http://www.scopus.com/inward/record.url?scp=84984554827&partnerID=8YFLogxK

U2 - 10.1112/S1461157016000206

DO - 10.1112/S1461157016000206

M3 - Article

AN - SCOPUS:84984554827

SN - 1461-1570

VL - 19

SP - 43

EP - 57

JO - LMS Journal of Computation and Mathematics

JF - LMS Journal of Computation and Mathematics

IS - A

ER -

Reduced memory meet-in-the-middle attack against the NTRU private key

Abstract

Access to Document

Other files and links

Fingerprint

Cite this