From Wikipedia, the free encyclopedia - View original article

Jump to: navigation, search

NTRU is a patented and open source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm and its performance has been shown to be significantly better. A proprietary for-pay implementation and an open source implementation of NTRU are available.[1]


The first version of the system, which was called NTRU, was developed in 1996 by mathematicians Jeffrey Hoffstein (de), Jill Pipher, and Joseph H. Silverman. That same year, the developers of NTRU joined with Daniel Lieman and founded the NTRU Cryptosystems, Inc., and were given a patent on the cryptosystem.[2] In 2009, the company was acquired by Security Innovation, a software security company.[3]


At equivalent cryptographic strength, NTRU performs costly private key operations much faster than RSA.[citation needed] As key sizes increase, RSA's operations per second decrease cubicly, whereas NTRU's operations per second decrease quadratically.

According to the Department of Electrical Engineering, University of Leuven, "[using] a modern GTX280 GPU a throughput of up to 200 000 encryptions per second can be reached at a security level of 256 bits. Comparing this to a symmetric cipher (not a very common comparison), this is only around 20 times slower than a recent AES implementation."[4]

Resistance to quantum-computer-based attacks[edit]

Unlike RSA and Elliptic Curve Cryptography, NTRU is not known to be vulnerable to quantum computer based attacks. The National Institute of Standards and Technology wrote in a 2009 survey that "[there] are viable alternatives for both public key encryption and signatures that are not vulnerable to Shor’s Algorithm” and “[of] the various lattice based cryptographic schemes that have been developed, the NTRU family of cryptographic algorithms appears to be the most practical".[5]



NTRU is available as an open source Java or C library[1] and as a proprietary, for-pay library.[8]


  1. ^ a b Buktu, Tim. "NTRU: Quantum-Resistant cryptography". NTRU Cryptosystems, Inc. Retrieved February 4, 2013. 
  2. ^ Robertson, Elizabeth D. (August 1, 2002). "RE: NTRU Public Key Algorithms IP Assurance Statement for 802.15.3". IEEE. Retrieved February 4, 2013. 
  3. ^ Robinson, Maureen (July 22, 2009). "Security Innovation acquires NTRU Cryptosystems, a leading security solutions provider to the embedded security market" (Press release). Wilmington, MA: Security Innovation. Retrieved February 4, 2013. 
  4. ^ Hermans, Jens; Vercauteren, Frederik; Preneel, Bart (2010). Pieprzyk, Josef, ed. "Speed Records for NTRU" (PDF). Topics in Cryptography - CT-RSA 2010. Lecture Notes in Computer Science (San Francisco, CA: Springer Berlin Heidelberg) 5985: 73–88. doi:10.1007/978-3-642-11925-5_6. ISBN 978-3-642-11924-8. ISSN 0302-9743. Retrieved February 4, 2013. 
  5. ^ Perlner, Ray A.; Cooper, David A. (2009). Seamons, Kent; McBurnett, Neal; Polk, Tim, eds. "Quantum resistant public key cryptography: a survey" (PDF). Proceedings of the 8th Symposium on Identity and Trust on the Internet (New York, NY: ACM): 85–93. doi:10.1145/1527017.1527028. ISBN 978-1-60558-474-4. Retrieved February 3, 2013. 
  6. ^ http://grouper.ieee.org/groups/1363/
  7. ^ http://www.businesswire.com/news/home/20110411005309/en/Security-Innovation%E2%80%99s-NTRUEncrypt-Adopted-X9-Standard-Data
  8. ^ http://www.securityinnovation.com/products/encryption-libraries/ntru-cryptography.html

External links[edit]