Characterizing overstretched NTRU attacks

Overstretched NTRU is a variant of NTRU with a large modulus. Recent lattice subfield and subring attacks have broken suggested parameters for several schemes. There are a number of conflicting claims in the literature over which attack has the best performance. These claims are typically based on experiments more than analysis. In this paper, we argue that comparisons should focus on the lattice dimension used in the attack. We give evidence, both analytically and experimentally, that the subring attack finds shorter vectors and thus is expected to succeed with a smaller dimension lattice than the subfield attack for the same problem parameters, and also to succeed with a smaller modulus when the lattice dimension is fixed.

An Attack Bound for Small Multiplicative Inverse of φ(N) mod e with a Composed Prime Sum p+q Using Sublattice Based Techniques

In this paper, we gave an attack on RSA (Rivest–Shamir–Adleman) Cryptosystem when φ(N) has small multiplicative inverse modulo e and the prime sum p + q is of the form p + q = 2nk0 + k1, where n is a given positive integer and k0 and k1 are two suitably small unknown integers using sublattice reduction techniques and Coppersmith’s methods for finding small roots of modular polynomial equations. When we compare this method with an approach using lattice based techniques, this procedure slightly improves the bound and reduces the lattice dimension. Employing the previous tools, we provide a new attack bound for the deciphering exponent when the prime sum p + q = 2nk0 + k1 and performed an analysis with Boneh and Durfee’s deciphering exponent bound for appropriately small k0 and k1.

An Improved Encryption Scheme for Traitor Tracing from Lattice

This article first describes a paper by Ling, Phan, and Stehle at the CRYPTO 2014 which presented the first encryption scheme for traitor tracing from lattice, and the scheme is almost as efficient as the learning with errors (LWE) encryption. However, their scheme is not constructed on an efficient trapdoor, that is, the trapdoor generation and preimage sampling algorithms are rather complex and not suitable for practice. This article is considered to use the MP12 trapdoor to construct an improved traitor tracing scheme. First, by using batch execution method, this article proposes an improved extracting algorithm for the user's key. Then, this article combines that with multi-bit encryption system to construct an efficient one-to-many encryption scheme. Furthermore, it is presented that a novel projective sampling family has very small hidden constants. Finally, a comparative analysis shows that the parameters of the scheme such as lattice dimension, trapdoor size, and ciphertext expansion rate, etc., all decrease in some degree, and the computational cost is reduced.

An Attack Bound for Small Multiplicative Inverse of Euler function of modulo "e" with a Composed Prime Sum p+q Using Sublattice Based Techniques

In this paper, we gave an attack on RSA when Euler function has small multiplicative inverse modulo "e" and the prime sum p+q is of the form p+q=2^nk_0+k_1 where n is a given positive integer and k_0 and k_1 are two suitably small unknown integers using sublattice reduction techniques and Coppersmith's methods for finding small roots of modular polynomial equations. When we compare this method with an approach using lattice based techniques, this procedure slightly improves the bound and reduces the lattice dimension.

Tuple lattice sieving

Lattice sieving is asymptotically the fastest approach for solving the shortest vector problem (SVP) on Euclidean lattices. All known sieving algorithms for solving the SVP require space which (heuristically) grows as $2^{0.2075n+o(n)}$, where $n$ is the lattice dimension. In high dimensions, the memory requirement becomes a limiting factor for running these algorithms, making them uncompetitive with enumeration algorithms, despite their superior asymptotic time complexity.We generalize sieving algorithms to solve SVP with less memory. We consider reductions of tuples of vectors rather than pairs of vectors as existing sieve algorithms do. For triples, we estimate that the space requirement scales as $2^{0.1887n+o(n)}$. The naive algorithm for this triple sieve runs in time $2^{0.5661n+o(n)}$. With appropriate filtering of pairs, we reduce the time complexity to $2^{0.4812n+o(n)}$ while keeping the same space complexity. We further analyze the effects of using larger tuples for reduction, and conjecture how this provides a continuous trade-off between the memory-intensive sieving and the asymptotically slower enumeration.

Two exactly soluble models of rigidity percolation

We summarize results for two exactly soluble classes of bond-diluted models for rigidity percolation, which can serve as a benchmark for numerical and approximate methods. For bond dilution problems involving rigidity, the number of floppy modes F plays the role of a free energy. Both models involve pathological lattices with two-dimensional vector displacements. The first model involves hierarchical lattices where renormalization group calculations can be used to give exact solutions. Algebraic scaling transformations produce a transition of the second order, with an unstable critical point and associated scaling laws at a mean coordination 〈 r 〉=4.41, which is above the ‘mean field’ value 〈 r 〉=4 predicted by Maxwell constraint counting. The order parameter exponent associated with the spanning rigid cluster geometry is β =0.0775 and that associated with the divergence of the correlation length and the anomalous lattice dimension d is dν =3.533. The second model involves Bethe lattices where the rigidity transition is massively first order by a mean coordination 〈 r 〉=3.94 slightly below that predicted by Maxwell constraint counting. We show how a Maxwell equal area construction can be used to locate the first-order transition and how this result agrees with simulation results on larger random-bond lattices using the pebble game algorithm.