Skip to content


Subversion checkout URL

You can clone with
Download ZIP
C Implementation of NTRUEncrypt
C Perl Other
Latest commit c4eb8a2 @tbuktu Fix SSE detection on BSD

C implementation of NTRUEncrypt

An implementation of the public-key encryption scheme NTRUEncrypt in C.

NTRU's main strengths are high performance and resistance to quantum computer attacks. Its main drawback is that it is patent encumbered. The patents expire in 2020; when built with the NTRU_AVOID_HAMMING_WT_PATENT flag, libntru becomes patent-free in 2017.

Benchmark results:

Benchmark results

For more information on the NTRUEncrypt algorithm, see the NTRU introduction page at


Run make to build the library, or make test to run unit tests. make bench builds a benchmark program. On *BSD, use gmake instead of make.

The SSE environment variable enables SSSE3 support (SSE=yes) or disables it (SSE=no). Default on Linux, BSD, and MacOS is to autodetect SSSE3 on the build host, Windows default is no SSSE3.


#include "ntru.h"

/* key generation */
struct NtruEncParams params = NTRU_DEFAULT_PARAMS_128_BITS; /*see encparams.h for more*/
NtruRandGen rng_def = NTRU_RNG_DEFAULT;
NtruRandContext rand_ctx_def;
if (ntru_rand_init(&rand_ctx_def, &rng_def) != NTRU_SUCCESS)
    printf("rng fail\n");
NtruEncKeyPair kp;
if (ntru_gen_key_pair(&params, &kp, &rand_ctx_def) != NTRU_SUCCESS)
    printf("keygen fail\n");

/* deterministic key generation from password */
uint8_t seed[17];
strcpy(seed, "my test password");
NtruRandGen rng_igf2 = NTRU_RNG_IGF2;
NtruRandContext rand_ctx_igf2;
if (ntru_rand_init_det(&rand_ctx_igf2, &rng_igf2, seed, strlen(seed)) != NTRU_SUCCESS)
    printf("rng fail\n");
if (ntru_gen_key_pair(&params, &kp, &rand_ctx_igf2) != NTRU_SUCCESS)
    printf("keygen fail\n");

/* encryption */
uint8_t msg[9];
strcpy(msg, "whatever");
uint8_t enc[ntru_enc_len(&params)];
if (ntru_encrypt(msg, strlen(msg), &, &params, &rand_ctx_def, enc) != NTRU_SUCCESS)
    printf("encrypt fail\n");

/* release RNG resources */
if (ntru_rand_release(&rand_ctx_def) != NTRU_SUCCESS)
    printf("rng fail\n");
if (ntru_rand_release(&rand_ctx_igf2) != NTRU_SUCCESS)
    printf("rng fail\n");

/* decryption */
uint8_t dec[ntru_max_msg_len(&params)];
uint16_t dec_len;
if (ntru_decrypt((uint8_t*)&enc, &kp, &params, (uint8_t*)&dec, &dec_len) != NTRU_SUCCESS)
    printf("decrypt fail\n");

/* export key to uint8_t array */
uint8_t pub_arr[ntru_pub_len(&params)];
ntru_export_pub(&, pub_arr);

/* import key from uint8_t array */
NtruEncPubKey pub;
ntru_import_pub(pub_arr, &pub);

For encryption of messages longer than ntru_max_msg_len(...), see src/hybrid.c (requires OpenSSL lib+headers, use make hybrid to build).

Supported Platforms

libntru has been tested on Linux, FreeBSD, OpenBSD, Mac OS X, and Windows (MingW).

Further reading

Something went wrong with that request. Please try again.