# NTRU: A Ring-Based Public Key Cryptosystem

@inproceedings{Hoffstein1998NTRUAR, title={NTRU: A Ring-Based Public Key Cryptosystem}, author={Jeffrey Hoffstein and Jill Pipher and Joseph H. Silverman}, booktitle={ANTS}, year={1998} }

We describe NTRU, a new public key cryptosystem. NTRU features reasonably short, easily created keys, high speed, and low memory requirements. NTRU encryption and decryption use a mixing system suggested by polynomial algebra combined with a clustering principle based on elementary probability theory. The security of the NTRU cryptosystem comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q.

## 1,576 Citations

### Cryptanalysis of NTRU with two Public Keys

- Mathematics, Computer ScienceInt. J. Netw. Secur.
- 2014

A lattice-based attack is presented to recover the private keys of NTRU with two different public keys defined by different private keys assuming that the public keys share polynomials with a suitable number of common coefficients.

### NTRUCipher-Lattice Based Secret Key Encryption

- Computer Science, MathematicsArXiv
- 2017

This paper proposes a secret key encryption over NTRU lattices, named as NTRUCipher, and analyzes this cipher efficiency and the space complexity with respect to security aspects, and shows that the NTR UCipher is secured under the indistinguishability chosen plaintext attack.

### NTRsh: A New Secure Variant of NTRUEncrypt Based on Tripternion Algebra

- Computer Science, MathematicsJournal of Physics: Conference Series
- 2021

NTRU cryptosystem called NTRSH is improved and modification by using a new tripternion algebra and changing the mathematical structure for public and private keys, as well as for text encryption and decryption to obtain more and higher security.

### ITRU: NTRU-Based Cryptosystem Using Ring of Integers

- Mathematics, Computer Science
- 2017

ITRU is shown to be an improvement of NTRU in that, it ensures successful message decryption upon implementation using the proposed parameter selection algorithm.

### OTRU: A non-associative and high speed public key cryptosystem

- Computer Science, Mathematics2010 15th CSI International Symposium on Computer Architecture and Digital Systems
- 2010

OTRU is a high speed probabilistic multi-dimensional public key cryptosystem that encrypts eight data vectors in each encryption round that can be defined over any Dedekind domain such as convolution polynomial ring.

### A Chosen-Ciphertext Attack against NTRU

- Computer Science, MathematicsCRYPTO
- 2000

This paper examines the effect of feeding special polynomials built from the public key to the decryption algorithm, and is able to conduct a chosen-ciphertext attack that recovers the secret key from a few ciphertexts/cleartexts pairs with good probability.

### NTRU over the Eisenstein Integers

- Computer Science, Mathematics
- 2011

This work presents ETRU, an NTRU-like cryptosystem based on the Eisenstein integers Z[ω] where ω is a primitive cube root of unity and discusses parameter selection and develops a model for the probabilty of decryption failure.

### BTRU, A Rational Polynomial Analogue of NTRU Cryptosystem

- Computer Science, Mathematics
- 2016

The complexity of BTRU cryptosystem is faster than NTRU Cryptosystem because the ring of polynomial in one variable α over a rational field is simpler.

### Cryptanalysis of NTRU with n public keys

- Computer Science, Mathematics2017 ISEA Asia Security and Privacy (ISEASP)
- 2017

This paper is generalizing the idea of A. Nitaj and presenting cryptanalysis of NTRU with n public keys and compared with lattice attack given by Coppersmith and Shamir.

### NTRU Cryptosystem with Companion Matrix

- Computer Science, Mathematics
- 2016

It is shown that applying Companion matrix for the matrix formulation algorithm in N TRU public key cryptosystem substantially increases its efficiency as compared to other matrix formutation for NTRU cryptos system with invertible matrix, such as Nayak et al.

## References

SHOWING 1-10 OF 13 REFERENCES

### Lattice Attacks on NTRU

- Computer Science, MathematicsEUROCRYPT
- 1997

New lattice basis reduction techniques are applied to cryptanalyze NTRU, to discover either the original secret key, or an alternative secret key which is equally useful in decoding the ciphertexts.

### Public-Key Cryptosystems from Lattice Reduction Problems

- Computer Science, MathematicsCRYPTO
- 1996

A new proposal for a trapdoor one-way function, from which the security of the new construction is based on the conjectured computational difficulty of lattice-reduction problems, providing a possible alternative to existing public-key encryption algorithms and digital signatures such as RSA and DSS.

### New directions in cryptography

- Computer Science, MathematicsIEEE Trans. Inf. Theory
- 1976

This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

### Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

- Computer Science, MathematicsEUROCRYPT
- 1995

Algorithms for lattice basis reduction that are improvements of the famous L3-algorithm are introduced that solve random subset sum problems of arbitrary density with 74 and 82 many weights and by breaking Damgard's hash function.

### Lattice basis reduction: Improved practical algorithms and solving subset sum problems

- Computer ScienceFCT
- 1991

Empirical tests show that the strongest of these algorithms solves almost all subset sum problems with up to 66 random weights of arbitrary bit length within at most a few hours on a UNISYS 6000/70 or within a couple of minutes on a SPARC1 + computer.

### Block Reduced Lattice Bases and Successive Minima

- MathematicsCombinatorics, Probability and Computing
- 1994

It is proved that for i = 1,…, m where γ β is the Hermite constant for dimension β, the maximum is taken over all block reduced bases of all lattices L .

### An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information

- Computer ScienceCRYPTO
- 1984

This paper introduces the first probabilistic public-key encryption scheme which combines the following two properties: perfect secrecy with respect to polynomial time eavesdroppers and effectiveness in both encoding and decoding time and bandwidth expansion.

### Factoring polynomials with rational coefficients

- Mathematics
- 1982

In this paper we present a polynomial-time algorithm to solve the following problem: given a non-zero polynomial fe Q(X) in one variable with rational coefficients, find the decomposition of f into…