Algebraic Cryptanalysis of CTRU Cryptosystem

  • Nitin Vats
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5092)


CTRU, a public key cryptosystem, was proposed by Gaborit, Ohler and Sole. It is an analogue of NTRU in which the ring of integers is replaced by the ring of polynomials \(\mathbb{F}_2[T]\). It attracted attention because it avoids the attacks based on either the LLL algorithm or the Chinese Remainder Theorem, which are the most common attacks on NTRU. In this paper we present a polynomial-time algorithm that breaks CTRU for all recommended parameter choices that were derived to make CTRU secure against the Popov normal form attack. The paper shows that if we ascertain the constraints for perfect decryption, then either the plaintext or the private key can be obtained by a polynomial-time linear algebra attack.


Keywords: Quotient Ring; Chinese Remainder Theorem; Elementary Linear Algebra; Lattice Basis Reduction; Recommended Parameter
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Nitin Vats, Department of Computer Science and Automation, Indian Institute of Science, Bangalore, India
