Cryptology ePrint Archive: Report 2016/461

NTRU Prime

Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange and Christine van Vredendaal

Abstract: Several ideal-lattice-based cryptosystems have been broken by recent attacks that exploit special structures of the rings used in those cryptosystems. The same structures are also used in the leading proposals for post-quantum lattice-based cryptography, including the classic NTRU cryptosystem and typical Ring-LWE-based cryptosystems.

This paper proposes NTRU Prime, which tweaks NTRU to use rings without these structures; proposes Streamlined NTRU Prime, which optimizes NTRU Prime from an implementation perspective; finds high-security post-quantum parameters for Streamlined NTRU Prime; and optimizes a constant-time implementation of those parameters. The performance results are surprisingly competitive with the best previous speeds for lattice-based cryptography.

Category / Keywords: public-key cryptography / post-quantum cryptography, public-key encryption, lattice-based cryptography, ideal lattices, NTRU, Ring-LWE, security, Soliloquy, Karatsuba, Toom, software implementation, vectorization

Date: received 11 May 2016

Contact author: authorcontact-ntruprime at box cr yp to

Available format(s): PDF | BibTeX Citation

Version: 20160513:121102 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]