A multiple birthday attack on NTRU

In this paper we view the possibilities to lance a multiple (iterative) birthday attack on NTRU. Recently Wagner's algorithm for the generalized birthday problem (Wagner, 2002) allowed to speed-up several combinatorial attacks. However, in the case of NTRU we can not hope to to apply Wagner's algorithm directly, as the search space does not behave nicely. In this paper we show that we can nevertheless draw profit from a multiple birthday approach. Our approach allows us to attack ees251ep6 parameter set on a computer with only 252 Bits of memory and about 29 times faster as with Odlyzko's combinatorial attack - this is an improvement factor about 243 in space complexity. We thus contradict the common believe, that in comparison to computational requirements, the "storage requirement is by far the larger obstacle" (Howgrave-Graham, 2007) to attack NTRU by combinatorial attacks. Further, our attack is about 27 times faster than the space-reduced variant from (Howgrave-Graham, 2007) employing the same amount of memory.


Published in:
Secrypt 2008: Proceedings Of The International Conference On Security And Cryptography, 237-244
Presented at:
International Conference on Security and Cryptography, Oporto, PORTUGAL, Jul 26-29, 2008
Year:
2008
Publisher:
Insticc-Inst Syst Technologies Information Control & Communication, Avenida D Manuel L, 27A 2 Esquerdo, Setubal, 2910-595, Portugal
ISBN:
978-989-8111-59-3
Keywords:
Laboratories:




 Record created 2010-11-30, last modified 2018-01-28


Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)