Reduced memory meet-in-the-middle attack against the NTRU private key

Christine van Vredendaal

doi:10.1112/S1461157016000206

Reduced memory meet-in-the-middle attack against the NTRU private key

Christine van Vredendaal

Discrete Mathematics

Onderzoeksoutput: Bijdrage aan tijdschrift › Tijdschriftartikel › Academic › peer review

13 Citaten (Scopus)

Samenvatting

NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

Originele taal-2	Engels
Pagina's (van-tot)	43-57
Aantal pagina's	15
Tijdschrift	LMS Journal of Computation and Mathematics
Volume	19
Nummer van het tijdschrift	A
DOI's	https://doi.org/10.1112/S1461157016000206
Status	Gepubliceerd - 1 jan. 2016

Toegang tot document

10.1112/S1461157016000206

Andere bestanden en links

Link to publication in Scopus

Citeer dit

@article{ff077a1efb6343f99d563ba6805124b4,

title = "Reduced memory meet-in-the-middle attack against the NTRU private key",

abstract = "NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.",

author = "{van Vredendaal}, Christine",

year = "2016",

month = jan,

day = "1",

doi = "10.1112/S1461157016000206",

language = "English",

volume = "19",

pages = "43--57",

journal = "LMS Journal of Computation and Mathematics",

issn = "1461-1570",

publisher = "London Mathematical Society",

number = "A",

}

TY - JOUR

T1 - Reduced memory meet-in-the-middle attack against the NTRU private key

AU - van Vredendaal, Christine

PY - 2016/1/1

Y1 - 2016/1/1

N2 - NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

AB - NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks. Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase. In the present paper an algorithm is presented that applies low-memory techniques to find 'golden' collisions to Odlyzko's meet-in-the-middle attack against the NTRU private key. Several aspects of NTRU secret keys and the algorithm are analysed. The running time of the algorithm with a maximum storage capacity of w is estimated and experimentally verified. Experiments indicate that decreasing the storage capacity w by a factor 1 < c < √w increases the running time by a factor √c.

UR - http://www.scopus.com/inward/record.url?scp=84984554827&partnerID=8YFLogxK

U2 - 10.1112/S1461157016000206

DO - 10.1112/S1461157016000206

M3 - Article

AN - SCOPUS:84984554827

SN - 1461-1570

VL - 19

SP - 43

EP - 57

JO - LMS Journal of Computation and Mathematics

JF - LMS Journal of Computation and Mathematics

IS - A

ER -

Reduced memory meet-in-the-middle attack against the NTRU private key

Samenvatting

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit