Group ring NTRU (GR-NTRU) provides a general structure for designing different variants of NTRU-like schemes by employing different groups. Although most of the schemes in the literature are built over cyclic groups, nonabelian groups can also be used. Coppersmith and Shamir suggested in 1997 that noncommutativity may yield better security against some lattice attacks for some groups. Lattice attacks on the public key of NTRU-like cryptosystems try to retrieve the private key by solving the shortest vector problem (SVP), or an approximation of it, in a lattice of a certain dimension, assuming knowledge of the public key only. This paper shows that dihedral groups do not guarantee better security against this class of attacks. We prove that the private key can be retrieved by solving the SVP in two lattices, each with half the dimension of the original lattice generated for GR-NTRU based on dihedral groups. The possibility of such an attack was mentioned by Yasuda et al. (IACR/2015/1170). In contrast to their proposed approach, we give the lattice reduction explicitly, without relying on any structure theorem from the representation theory of finite groups. Furthermore, we demonstrate the effectiveness of our technique with experimental results.