The Attack In Practice

We implemented this attack against perturbated NTRUSign-80, using a variant of Odlyzko MiM as BBD solver.

Successful key-recovery using

4000 signatures, in 5 core-hours

Similar success against NTRUSign-{112,128}.

Some success when increasing the amount

of perturbation from 1 to 5.

NTRUSign with Perturbation

Countermeasure is Fully Broken