A Broadcast Attack Against NTRU Using Ding's Algorithm
In 1988, Hastad proposed the first broadcast attack against public key cryptosystems. The attack enables an attacker to recover the plaintext sent by a sender to multiple recipients, without requiring any knowledge of the recipient's secret key. In 2009, Plantard and Susilo first considered the broadcast attack against the lattice-based public-key cryptosystems and also gave some heuristic attacks. However, they showed that NRTU may resist their broadcast attacks, since half of its "Message" is random. Very recently, Ding proposed an ingenious algorithm to solve LWE problem with bounded errors in polynomial time.