NTRUsign Countermeasures
I. Original Pertubation technique of NTRUsign:
- Anticipated potential transcript attacks
- Best attacks use ⩾260 signatures [HHGP03, MPSW]
- Claimed resistance up to 230 signatures
II. Deformation technique from IEEE-IT [HWH08]
Both I. & II. were believed to resist [NgRe06]
III. Gaussian Sampling [GPV08]
- Provably secure in the Random Oracle Model
- Not very practical