A subfield lattice attack on overstretched NTRU assumptions: Cryptanalysis of some FHE and Graded Encoding Schemes

@article{Albrecht2016ASL,
title={A subfield lattice attack on overstretched NTRU assumptions: Cryptanalysis of some FHE and Graded Encoding Schemes},
author={Martin R. Albrecht and Shi Bai and L{\'e}o Ducas},
journal={IACR Cryptology ePrint Archive},
year={2016},
volume={2016},
pages={127}
}

We exploit the presence of a subfield to solve the NTRU problem for large moduli q: norming-down the public key h to a subfield may lead to an easier lattice problem, and any sufficiently good solution may be lifted to a short vector in the full NTRU-lattice. We restrict ourselves to choices of dimensions n(λ) and modulus q(λ) that were previously thought to offer resistance against attacks in time exponential in the security parameter λ. For any superpolynomial q(λ), the subfield attack can be… CONTINUE READING