Message Recovery Attack in NTRU through VFK Lattices
Eirini Poimenidou, Marios Adamoudis, Konstantinos A. Draziotis, Kostas Tsichlas

TL;DR
This paper presents a message recovery attack on all variants of NTRU by reducing the problem to a Voronoi First Kind lattice and applying a polynomial CVP algorithm, demonstrating potential vulnerabilities.
Contribution
The paper introduces a novel reduction from NTRU lattices to VFK lattices and employs a polynomial CVP algorithm for effective message recovery attacks.
Findings
Successful attack on NTRU-HPS and NTRU-Prime variants
Identification of mathematical conditions for attack success
Proposed method to assess NTRU resistance
Abstract
In the present paper, we implement a message recovery attack on all variants of the NTRU cryptosystem. Our approach involves a reduction from the NTRU-lattice to a Voronoi First Kind lattice, enabling the application of a polynomial CVP exact algorithm crucial for executing the Message Recovery. The efficacy of our attack relies on a specific oracle that permits us to approximate an unknown quantity. Furthermore, we outline the mathematical conditions under which the attack is successful. Finally, we delve into a well-established polynomial algorithm for CVP on VFK lattices and its implementation, shedding light on its efficacy in our attack. Subsequently, we present comprehensive experimental results on the NTRU-HPS and the NTRU-Prime variants of the NIST submissions and propose a method that could indicate the resistance of the NTRU cryptosystem to our attack.
Taxonomy
Topics: Cryptographic Implementations and Security · Cryptography and Data Security · Coding theory and cryptography
