Conference paper Open Access

NTTRU: Truly Fast NTRU Using NTT

Lyubashevsky , Vadim; Seiler, Gregor

Citation Style Language JSON Export

  "DOI": "10.13154/tches.v2019.i3.180-201", 
  "author": [
      "family": "Lyubashevsky , Vadim"
      "family": "Seiler, Gregor"
  "issued": {
    "date-parts": [
  "abstract": "<p>We present NTTRU -- an IND-CCA2 secure NTRU-based key encapsulation scheme that uses the number theoretic transform (NTT) over the cyclotomic ring&nbsp;Z7681[X]/(X768&minus;X384+1)Z7681[X]/(X768&minus;X384+1)&nbsp;and produces public keys and ciphertexts of approximately&nbsp;1.251.25&nbsp;KB at the&nbsp;128128-bit security level. The number of cycles on a Skylake CPU of our constant-time AVX2 implementation of the scheme for key generation, encapsulation and decapsulation is approximately&nbsp;6.46.4K,&nbsp;6.16.1K, and&nbsp;7.97.9K, which is more than 30X, 5X, and 8X faster than these respective procedures in the NTRU schemes that were submitted to the NIST post-quantum standardization process. These running times are also, by a large margin, smaller than those for all the other schemes in the NIST process. We also give a simple transformation that allows one to provably deal with small decryption errors in OW-CPA encryption schemes (such as NTRU) when using them to construct an IND-CCA2 key encapsulation.</p>", 
  "title": "NTTRU: Truly Fast NTRU Using NTT", 
  "id": "3355438", 
  "type": "paper-conference", 
  "event": "Conference on Cryptographic Hardware and Embedded Systems 2019"
Views 73
Downloads 55
Data volume 36.0 MB
Unique views 71
Unique downloads 54


Cite as