Conference paper Open Access

NTTRU: Truly Fast NTRU Using NTT

Lyubashevsky , Vadim; Seiler, Gregor

JSON-LD ( Export

  "description": "<p>We present NTTRU -- an IND-CCA2 secure NTRU-based key encapsulation scheme that uses the number theoretic transform (NTT) over the cyclotomic ring&nbsp;Z7681[X]/(X768&minus;X384+1)Z7681[X]/(X768&minus;X384+1)&nbsp;and produces public keys and ciphertexts of approximately&nbsp;1.251.25&nbsp;KB at the&nbsp;128128-bit security level. The number of cycles on a Skylake CPU of our constant-time AVX2 implementation of the scheme for key generation, encapsulation and decapsulation is approximately&nbsp;6.46.4K,&nbsp;6.16.1K, and&nbsp;7.97.9K, which is more than 30X, 5X, and 8X faster than these respective procedures in the NTRU schemes that were submitted to the NIST post-quantum standardization process. These running times are also, by a large margin, smaller than those for all the other schemes in the NIST process. We also give a simple transformation that allows one to provably deal with small decryption errors in OW-CPA encryption schemes (such as NTRU) when using them to construct an IND-CCA2 key encapsulation.</p>", 
  "license": "", 
  "creator": [
      "@type": "Person", 
      "name": "Lyubashevsky , Vadim"
      "@type": "Person", 
      "name": "Seiler, Gregor"
  "headline": "NTTRU: Truly Fast NTRU Using NTT", 
  "image": "", 
  "datePublished": "2019-01-16", 
  "url": "", 
  "@type": "ScholarlyArticle", 
  "keywords": [
    "public-key cryptography / NTRU", 
    "Lattice Cryptography, AVX2", 
  "@context": "", 
  "identifier": "", 
  "@id": "", 
  "workFeatured": {
    "@type": "Event", 
    "name": "Conference on Cryptographic Hardware and Embedded Systems 2019"
  "name": "NTTRU: Truly Fast NTRU Using NTT"
Views 67
Downloads 50
Data volume 32.7 MB
Unique views 65
Unique downloads 49


Cite as