Cryptology ePrint Archive: Report 2019/040

NTTRU: Truly Fast NTRU Using NTT

Vadim Lyubashevsky and Gregor Seiler

Abstract: We present NTTRU -- an IND-CCA2 secure NTRU-based key encapsulation scheme that uses the number theoretic transform (NTT) over the cyclotomic ring $Z_{7681}[X]/(X^{768}-X^{384}+1)$ and produces public keys and ciphertexts of approximately $1.25$ KB at the $128$-bit security level. The number of cycles on a Skylake CPU of our constant-time AVX2 implementation of the scheme for key generation, encapsulation and decapsulation is approximately $6.4$K, $6.1$K, and $7.9$K, which is more than 30X, 5X, and 8X faster than these respective procedures in the NTRU schemes that were submitted to the NIST post-quantum standardization process. These running times are also, by a large margin, smaller than those for all the other schemes in the NIST process. We also give a simple transformation that allows one to provably deal with small decryption errors in OW-CPA encryption schemes (such as NTRU) when using them to construct an IND-CCA2 key encapsulation.

Category / Keywords: public-key cryptography / NTRU, Lattice Cryptography, AVX2, NTT

Original Publication (in the same form): IACR-CHES-2019

Date: received 16 Jan 2019, last revised 9 Feb 2020

Contact author: vadim lyubash at gmail com, gseiler at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20200209:175939 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]