A submission to the NIST post-quantum standardization effort



Implementations of ntruhps2048509, ntruhps2048677, ntruhrss701, and ntruhps4096821 have been incorporated into PQClean.


Adam Langley's implementation of ntruhrss701 is available in BoringSSL. Note that this implementation uses SHA-256 instead of SHA3 and is therefore not compatible with our implementations.

SUPERCOP packages

SUPERCOP is a toolkit for measuring the performance of cryptographic software. Recent versions of SUPERCOP include reference C implementations of ntruhps2048509, ntruhps2048677, ntruhrss701, and ntruhps4096821 and optimized AVX2 implementations of ntruhps2048509, ntruhps2048677, and ntruhrss701. Benchmarking results can be found at bench.cr.yp.to. Our most recent SUPERCOP submission package can be downloaded here (tar.gz). Previous submission packages are linked in the changelog below.

  • 2020-08-23: TIMECOP metadata. Fixed potential timing leak. Namespacing. [tar.gz]
  • 2020-03-23: New implementation of ntruhps4096821 using AVX2 instructions. [tar.gz]
  • 2019-08-16: Removed unused position-dependent code. [tar.gz]
  • 2019-08-03: New implementation of ntruhps2048677 using AVX2 instructions. [tar.gz]
  • 2019-07-31: New implementation of ntruhps2048509 using AVX2 instructions. [tar.gz]

Git repository

Development releases of our software are made available on GitHub. Most users should not use these releases.

To download and build the development software, follow these steps:

git clone https://github.com/jschanck/ntru.git
cd ref-ntruhrss701 && make
cd ../avx2-ntruhrss701 && make

This will build the following binaries:

  • test_keypair, test_encap, and test_decap are used by the test_compatibility.sh script to ensure that the ref and the avx2 implementations are computing the same output.
  • test_ntru tests functionality of encapsulation and decapsulation.
  • speed benchmarks keypair generation, encapsulation, decapsulation and various subroutines.