Reducing Memory Requirements for Combinatorial Attacks on NTRU via Multiple Birthdays

2009
Conference paper

In this paper we view the possibilities to lance a multiple (iterative) birthday attack on NTRU. Recently Wagner's algorithm for the generalized birthday problem [9] allowed to speed-up several combinatorial attacks. However, in the case of NTRU we can not hope to to apply Wagner's algorithm directly, as the search space does not behave nicely. In this paper we show that we can nevertheless draw profit from a multiple birthday approach. Our approach allows us to attack ees251ep6 parameter set on a computer with only 2(52) Bits of memory and about 2(9) times faster as with Odlyzko's combinatorial attack - this is an improvement factor about 2(43) in space complexity. We thus contradict the common believe, that in comparison to computational requirements, the "storage requirement is by far the larger obstacle" [3] to attack NTRU by combinatorial attacks. Further, our attack is about 2(7) times faster than the space-reduced variant from [3] employing the same amount of memory.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

2009
Conference paper

Abstract

Official source

https://infoscience.epfl.ch/record/158853?ln=en

About this result

Related concepts (6)

Related publications (1)

NTRU

NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm. NTRUEncrypt was patented, but it was placed in the public domain in 2017. NTRUSign is patented, but it can be used by software under the GPL.

Birthday attack

A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations (pigeonholes). With a birthday attack, it is possible to find a collision of a hash function in , with being the classical security.

Birthday problem

In probability theory, the birthday problem asks for the probability that, in a set of n randomly chosen people, at least two will share a birthday. The birthday paradox refers to the counterintuitive fact that only 23 people are needed for that probability to exceed 50%. The birthday paradox is a veridical paradox: it seems wrong at first glance but is, in fact, true. While it may seem surprising that only 23 individuals are required to reach a 50% probability of a shared birthday, this result is made more intuitive by considering that the birthday comparisons will be made between every possible pair of individuals.

A multiple birthday attack on NTRU

In this paper we view the possibilities to lance a multiple (iterative) birthday attack on NTRU. Recently Wagner's algorithm for the generalized birthday problem (Wagner, 2002) allowed to speed-up sev

Insticc-Inst Syst Technologies Information Control & Communication, Avenida D Manuel L, 27A 2 Esquerdo, Setubal, 2910-595, Portugal2008