Conference paper Open Access

# NTTRU: Truly Fast NTRU Using NTT

### Citation Style Language JSON Export

{
"DOI": "10.13154/tches.v2019.i3.180-201",
"author": [
{
},
{
"family": "Seiler, Gregor"
}
],
"issued": {
"date-parts": [
[
2019,
1,
16
]
]
},
"abstract": "<p>We present NTTRU -- an IND-CCA2 secure NTRU-based key encapsulation scheme that uses the number theoretic transform (NTT) over the cyclotomic ring&nbsp;Z7681[X]/(X768&minus;X384+1)Z7681[X]/(X768&minus;X384+1)&nbsp;and produces public keys and ciphertexts of approximately&nbsp;1.251.25&nbsp;KB at the&nbsp;128128-bit security level. The number of cycles on a Skylake CPU of our constant-time AVX2 implementation of the scheme for key generation, encapsulation and decapsulation is approximately&nbsp;6.46.4K,&nbsp;6.16.1K, and&nbsp;7.97.9K, which is more than 30X, 5X, and 8X faster than these respective procedures in the NTRU schemes that were submitted to the NIST post-quantum standardization process. These running times are also, by a large margin, smaller than those for all the other schemes in the NIST process. We also give a simple transformation that allows one to provably deal with small decryption errors in OW-CPA encryption schemes (such as NTRU) when using them to construct an IND-CCA2 key encapsulation.</p>",
"title": "NTTRU: Truly Fast NTRU Using NTT",
"id": "3355438",
"type": "paper-conference",
"event": "Conference on Cryptographic Hardware and Embedded Systems 2019"
}
73
55
views