NTRU - Quantum-Safe Encryption

About NTRU

NTRU (Nth-degree TRUncated polynomial ring) is a lattice-based public key cryptosystem that was first proposed in 1996 by mathematicians Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. It is considered one of the leading candidates for post-quantum cryptography due to its resistance to attacks from quantum computers.

Key Features:

  • Type: Lattice-based public key encryption algorithm
  • Security Basis: Shortest Vector Problem (SVP) in lattices
  • Quantum Resistance: Believed to be secure against attacks using quantum computers
  • Performance: Faster key generation, encryption, and decryption compared to many other post-quantum algorithms
  • Key Sizes: Relatively compact public and private keys
  • Standardization: NTRU-based schemes are finalists in the NIST Post-Quantum Cryptography standardization process

Advantages:

  • Faster than many other post-quantum algorithms, especially RSA and ECC
  • Relatively compact keys compared to some other post-quantum schemes
  • One of the oldest post-quantum schemes with extensive cryptanalysis
  • Patents have expired, making it free to use

Applications:

  • Secure communications resistant to quantum attacks
  • Key exchange for establishing shared secrets
  • Hybrid cryptography in combination with symmetric algorithms
  • Long-term security for data that needs to remain secure for decades
Note: While NTRU is primarily used for encryption, related lattice-based schemes like FALCON (also based on NTRU lattices) provide digital signature functionality. Together, these algorithms can provide a complete post-quantum cryptographic solution.

Generate NTRU Keys

Keep your private key secret! Never share it with anyone.

Encrypt File with NTRU

Decrypt NTRU File

How NTRU Works

NTRU is a lattice-based public key cryptosystem that operates on polynomial rings, providing security based on the hardness of certain lattice problems.

Key Generation:

  1. Generate two small polynomials f and g with coefficients from a small set (typically {-1, 0, 1})
  2. Compute the inverse of f in a polynomial ring
  3. Calculate h = g * f^(-1) mod q
  4. Public key = h
  5. Private key = f (and sometimes g)

Encryption:

  1. Convert the message to a polynomial m with small coefficients
  2. Generate a random "blinding" polynomial r with small coefficients
  3. Compute the ciphertext e = r * h + m mod q

Decryption:

  1. Compute a = f * e mod q
  2. Ensure coefficients of a are in the correct range
  3. Compute m = f^(-1) * a mod p

Parameter Sets:

  • NTRU-HPS-2048-509: NIST Security Level 1 (equivalent to AES-128)
  • NTRU-HPS-2048-677: NIST Security Level 3 (equivalent to AES-192)
  • NTRU-HPS-4096-821: NIST Security Level 5 (equivalent to AES-256)
  • NTRU-HRSS-701: NIST Security Level 3 with different tradeoffs
Note: This is a simplified explanation. The actual implementation involves complex polynomial operations and careful parameter selection to ensure security.