In this paper the authors give an efficient bounded distance decoding(BDD for short)algorithm for NTRU lattices under some conditions about the modulus number q and the public key h.They then use this algorithm to giv...In this paper the authors give an efficient bounded distance decoding(BDD for short)algorithm for NTRU lattices under some conditions about the modulus number q and the public key h.They then use this algorithm to give plain-text recovery attack to NTRUEncrypt and forgery attack on NTRUSign.In particular the authors figure out a weak domain of public keys such that the recent transcript secure version of NTRU signature scheme NTRUMLS with public keys in this domain can be forged.展开更多
基金supported by the National Natural Science Foundation of China(Nos.11531002,61722213,61572026)the Major Program of Guangdong Basic and Applied Research(No.2019B030302008).
文摘In this paper the authors give an efficient bounded distance decoding(BDD for short)algorithm for NTRU lattices under some conditions about the modulus number q and the public key h.They then use this algorithm to give plain-text recovery attack to NTRUEncrypt and forgery attack on NTRUSign.In particular the authors figure out a weak domain of public keys such that the recent transcript secure version of NTRU signature scheme NTRUMLS with public keys in this domain can be forged.