Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
C Implementation of NTRUEncrypt
C Perl Other
branch: master
Failed to load latest commit information.
src Use Karatsuba in ntru_mult_int_16()
tests 32-bit versions of ntru_mult_tern() and ntru_invert(), optimizations …
.gitignore Ignore compiler-generated assembly files
Makefile Fix a warning on Windows
Makefile.linux Fix i386 build
Makefile.osx Do four hashes in parallel using SSE Do four hashes in parallel using SSE
PATENTS Remove patent 6298137 as it doesn't seem to affect libntru; change wo… Mention the bench target in README
changelog Update changelog

C implementation of NTRUEncrypt

An implementation of the public-key encryption scheme NTRUEncrypt in C.

NTRU's main strengths are high performance and resistance to quantum computer attacks. Its main drawback is that it is patent encumbered. The patents expire in 2020; when built with the NTRU_AVOID_HAMMING_WT_PATENT flag, libntru becomes patent-free in 2017.

Benchmark results:

Benchmark results

For more information on the NTRUEncrypt algorithm, see the NTRU introduction page at


Run make to build the library, or make test to run unit tests. make bench builds a benchmark program.

The SSE environment variable enables SSSE3 support (SSE=yes) or disables it (SSE=no). Default on Linux and MacOS is to autodetect SSSE3 on the build host, Windows default is no SSSE3.


#include "ntru.h"

/* key generation */
struct NtruEncParams params = EES449EP1; /*see encparams.h for more*/
NtruRandGen rng_def = NTRU_RNG_DEFAULT;
NtruRandContext rand_ctx_def;
ntru_rand_init(&rand_ctx_def, &rng_def);
NtruEncKeyPair kp;
if (ntru_gen_key_pair(&params, &kp, &rand_ctx_def) != NTRU_SUCCESS)
    printf("keygen fail\n");

/* deterministic key generation from password */
uint8_t seed[17];
strcpy(seed, "my test password");
NtruRandGen rng_igf2 = NTRU_RNG_IGF2;
NtruRandContext rand_ctx_igf2;
ntru_rand_init_det(&rand_ctx_igf2, &rng_igf2, seed, strlen(seed));
if (ntru_gen_key_pair(&params, &kp, &rand_ctx_igf2) != NTRU_SUCCESS)
    printf("keygen fail\n");

/* encryption */
uint8_t msg[9];
strcpy(msg, "whatever");
uint8_t enc[ntru_enc_len(&params)];
if (ntru_encrypt(msg, strlen(msg), &, &params, &rand_ctx_def, enc) != NTRU_SUCCESS)
    printf("encrypt fail\n");

/* release RNG resources */

/* decryption */
uint8_t dec[ntru_max_msg_len(&params)];
uint16_t dec_len;
if (ntru_decrypt((uint8_t*)&enc, &kp, &params, (uint8_t*)&dec, &dec_len) != NTRU_SUCCESS)
    printf("decrypt fail\n");

/* export key to uint8_t array */
uint8_t pub_arr[ntru_pub_len(&params)];
ntru_export_pub(&, pub_arr);

/* import key from uint8_t array */
NtruEncPubKey pub;
ntru_import_pub(pub_arr, &pub);

For encryption of messages longer than ntru_max_msg_len(...), see src/hybrid.c (requires OpenSSL lib+headers, use make hybrid to build).

Supported Platforms

libntru has been tested on Linux, Mac OS X and Windows (MingW).

Further reading

Something went wrong with that request. Please try again.