libntruprime is a microlibrary for the Streamlined NTRU Prime cryptosystem. Streamlined NTRU Prime (sntrup) is a lattice-based cryptosystem with the following features:

• Stability: Almost all details of sntrup match a May 2016 publication. The only exceptions are small changes to encoding and hashing published in April 2019.
• Patent-freeness: April 2019 predates almost all post-quantum patents. Analyses of various lattice patents filed before April 2019 indicate no problems for sntrup.
• Deployment: The popular OpenSSH tool switched to sntrup761 by default in April 2022, following initial integration of sntrup into TinySSH.
• Affordability: Keys and ciphertexts are about 1KB for sntrup761, and computations are fast.
• Careful design: Subject to the requirement of being a small lattice-based cryptosystem, sntrup is systematically designed to eliminate unnecessary complications in security review. It eliminates decryption failures, for example, and eliminates cyclotomics. The cryptosystem has never needed a security patch.
• Risk management: A much higher sntrup1277 security level is fully supported, and is recommended whenever 2KB keys and ciphertexts are affordable, to reduce risks from improvements in lattice attacks.
• Flexibility: The sntrup design allows a full spectrum of tradeoffs between size and security level, so applications with intermediate size limits aren't forced into much lower security levels. Six different sizes have been selected for support.

libntruprime has a very simple stateless API based on the SUPERCOP API, with wire-format inputs and outputs, providing functions that directly match the KEM operations provided by the sntrup specification, such as functions

sntrup1277_keypair
sntrup1277_enc
sntrup1277_dec

for the sntrup1277 KEM.

Internally, libntruprime includes implementations designed to work portably across CPUs, and implementations designed for higher performance on Intel/AMD CPUs with AVX2 instructions. libntruprime includes automatic run-time selection of implementations.

libntruprime is intended to be called by larger multi-function libraries (such as traditional cryptographic libraries), including libraries in other languages via FFI. The idea is that libntruprime takes responsibility for the details of sntrup computation, including optimization, timing-attack protection, and (in ongoing work) verification, freeing up the calling libraries to concentrate on application-specific needs such as protocol integration. Applications can also call libntruprime directly.