Paper 2017/667

High-speed key encapsulation from NTRU

Andreas Hülsing, Joost Rijneveld, John M. Schanck, and Peter Schwabe

Abstract

This paper presents software demonstrating that the 20-year-old NTRU cryptosystem is competitive with more recent lattice-based cryptosystems in terms of speed, key size, and ciphertext size. We present a slightly simplified version of textbook NTRU, select parameters for this encryption scheme that target the 128-bit post-quantum security level, construct a KEM that is CCA2-secure in the quantum random oracle model, and present highly optimized software targeting Intel CPUs with the AVX2 vector instruction set. This software takes only 307914 cycles for the generation of a keypair, 48646 for encapsulation, and 67338 for decapsulation. It is, to the best of our knowledge, the first NTRU software with full protection against timing attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A major revision of an IACR publication in CHES 2017
Keywords
Post-quantum crypto, lattice-based crypto, NTRU, CCA2-secure KEM, QROM, AVX2
Contact author(s)
authors-ntrukem @ joostrijneveld nl
History
2017-08-29: last of 2 revisions
2017-07-05: received
Short URL
https://ia.cr/2017/667
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/667,
      author = {Andreas Hülsing and Joost Rijneveld and John M.  Schanck and Peter Schwabe},
      title = {High-speed key encapsulation from NTRU},
      howpublished = {Cryptology ePrint Archive, Paper 2017/667},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/667}},
      url = {https://eprint.iacr.org/2017/667}
}