Abstract
We recall that in theNTRU cryptosystem[267, 269], one selects integer parameters(N q)and four setsG f Gg L: Lof polynomialsf gcp, m in the ring EquationSource$$ \[R = {\mathbb{Z}_q}\left[ X \right]/\left( {{X^N} - 1} \right)\] $$ . The coefficients of these polynomials are constrained by the choice of an additional parameter, p, a small integer or polynomial. In the original presentation of NTRU, see [267], the choicep =3 is considered, and thus the polynomialsf g cp mare ternary. The authors of NTRU have since recommended [269] that to choose p =X +2. This choice for p, along with other optimisations suggested in [269], leads tof g cp mbeing constructed from binary polynomials. In particular this leads to the message representative polynomial m being binary.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer Basel AG
About this chapter
Cite this chapter
Shparlinski, I. (2003). Bit Security of NTRU. In: Shparlinski, I. (eds) Cryptographic Applications of Analytic Number Theory. Progress in Computer Science and Applied Logic, vol 22. Birkhäuser, Basel. https://doi.org/10.1007/978-3-0348-8037-4_21
Download citation
DOI: https://doi.org/10.1007/978-3-0348-8037-4_21
Publisher Name: Birkhäuser, Basel
Print ISBN: 978-3-0348-9415-9
Online ISBN: 978-3-0348-8037-4
eBook Packages: Springer Book Archive