(A) hybrid attack using splitting systems against NTRU

Abstract

NTRU is a public key encryption scheme whose security is based on a polynomial factorisation problem in the ring $\mathcal{R} = \mathbb{Z}_{q} [X]/(X^{N} - 1)$. It is an interesting system to study for a number of reasons. Firstly, it does not depend on the traditional hard problems, such as factoring or discrete logarithms, on which other practical public key schemes are based. Indeed the best known heuristic attack is that of finding a short vector in a lattice, which appears to be a very hard problem. Furthermore, schemes based on factoring or discrete logarithms can be broken in the quantum setting using Shor’s algorithm. Currently, there is no quantum algorithm which significantly improves the classical approach to breaking NTRU. Secondly, the basic arithmetic operations in NTRU are particularly simple making it suitable for use in constrained environments where traditional public key schemes have difficulty. Lattice-based attack is one of the basic attack on NTRU. The results of the lattice-reduction algorithm have a deep relation with the properties of lattice. When we attack NTRU using lattice, the lattice is not general lattice, but convolution modular lattice. Using this property, there are many tries to make more efficient lattice-reduction algorithm. When a lattice is given, using well the properties of the lattice or changing the lattice to more efficient one is also a important problem. In this paper, we study a hybrid lattice-reduction and meet-in-the-middle attack on NTRU proposed by Nick Howgrave-Graham, 2007. Especially, we apply splitting system to meet-in-the-middle attack. We make the algorithm and, moreover, realize it.