-r--r--r-- 6828 libntruprime-20240825/doc/html/index.html raw
<html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> html{overflow-y:scroll;background-color:#004591} body{font-family:"Noto Sans","Droid Sans","DejaVu Sans","Arial",sans-serif;line-height:1.5} tt,code{background-color:#f0f0f0;font-family:"Noto Sans Mono","Droid Sans Mono","DejaVu Sans Mono","Courier New",monospace,sans-serif;font-size:1em;} pre{margin-left:3em} p,ul,ol,blockquote,pre{font-size:1.0em;line-height:1.6} li p{font-size:1.0em} blockquote p{font-size:1.0em} h1{font-size:1.5em} h2{font-size:1.3em} h3{font-size:1.0em} h1 a{text-decoration:none} table{border-collapse:collapse} th,td{border:1px solid black} table a{text-decoration:none} table tr{font-size:1.0em;line-height:1.6em} table tr{font-size:1.0em;line-height:1.5} tbody tr:nth-child(12n+1){background-color:#f0ffff} tbody tr:nth-child(12n+2){background-color:#f0ffff} tbody tr:nth-child(12n+3){background-color:#f0ffff} tbody tr:nth-child(12n+4){background-color:#f0ffff} tbody tr:nth-child(12n+5){background-color:#f0ffff} tbody tr:nth-child(12n+6){background-color:#f0ffff} tbody tr:nth-child(12n+7){background-color:#fffff0} tbody tr:nth-child(12n+8){background-color:#fffff0} tbody tr:nth-child(12n+9){background-color:#fffff0} tbody tr:nth-child(12n+10){background-color:#fffff0} tbody tr:nth-child(12n+11){background-color:#fffff0} tbody tr:nth-child(12n+12){background-color:#fffff0} .headline{padding:0;font-weight:bold;font-size:1.0em;vertical-align:top;padding-bottom:0.5em;color:#ffffff;background-color:#004591} .navt{display:block;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;margin:0;padding:0;vertical-align:center;font-size:1.0em} .here{background-color:#004591} .here{color:#ffffff} .away{background-color:#004591} .away a{text-decoration:none;display:block;color:#ffffff} .away a:hover,.away a:active{text-decoration:underline} .main{padding:5px} .main{background-color:#ffffff} .pagetitle{font-size:1.4em;font-weight:bold} @media only screen and (min-width:512px) { .fixed{margin:0;padding:0;width:160px;height:100%;position:fixed;overflow:auto} .main{margin-left:170px} } </style> <title> libntruprime: Intro</title> </head> <body> <div class=fixed> <div class=headline> libntruprime</div> <div class="navt here">Intro </div><div class="navt away"><a href=download.html>Download</a> </div><div class="navt away"><a href=install.html>Install</a> </div><div class="navt away"><a href=test.html>Test</a> </div><div class="navt away"><a href=api.html>API</a> </div><div class="navt away"><a href=cli.html>CLI</a> </div><div class="navt away"><a href=security.html>Security</a> </div><div class="navt away"><a href=verification.html>Verification</a> </div><div class="navt away"><a href=speed.html>Speed</a> </div><div class="navt away"><a href=internals.html>Internals</a> </div><div class="navt away"><a href=people.html>People</a> </div><div class="navt away"><a href=license.html>License</a> </div></div> <div class=main> <div class=pagetitle>libntruprime: Intro</div> <p>libntruprime is a microlibrary for the <a href="https://ntruprime.cr.yp.to">Streamlined NTRU Prime</a> cryptosystem. Streamlined NTRU Prime (<code>sntrup</code>) is a lattice-based cryptosystem with the following features:</p> <ul> <li>Stability: Almost all details of <code>sntrup</code> match a <a href="https://ntruprime.cr.yp.to/ntruprime-20160511.pdf">May 2016</a> publication. The only exceptions are small changes to encoding and hashing published in <a href="https://ntruprime.cr.yp.to/nist/ntruprime-20190330.pdf">April 2019</a>.</li> <li>Patent-freeness: April 2019 predates almost all <a href="https://patents.google.com/?q=(%22post-quantum%22)">post-quantum patents</a>. Analyses of various <a href="https://ntruprime.cr.yp.to/faq.html">lattice patents</a> filed before April 2019 indicate no problems for <code>sntrup</code>.</li> <li>Deployment: The popular OpenSSH tool switched to <code>sntrup761</code> by default in <a href="https://www.openssh.com/txt/release-9.0">April 2022</a>, following initial integration of <code>sntrup</code> into <a href="https://github.com/janmojzis/tinyssh">TinySSH</a>.</li> <li>Affordability: Keys and ciphertexts are <a href="https://ntruprime.cr.yp.to/speed.html">about 1KB</a> for <code>sntrup761</code>, and computations are <a href="speed.html">fast</a>.</li> <li>Careful design: Subject to the requirement of being a small lattice-based cryptosystem, <code>sntrup</code> is systematically designed to <a href="https://ntruprime.cr.yp.to/">eliminate unnecessary complications in security review</a>. It eliminates decryption failures, for example, and eliminates cyclotomics. The cryptosystem has never needed a security patch.</li> <li>Risk management: A much higher <code>sntrup1277</code> security level is <a href="https://ntruprime.cr.yp.to/speed.html">fully supported</a>, and is recommended whenever 2KB keys and ciphertexts are affordable, to reduce risks from <a href="https://ntruprime.cr.yp.to/warnings.html">improvements in lattice attacks</a>.</li> <li>Flexibility: The <code>sntrup</code> design allows a full spectrum of tradeoffs between size and security level, so applications with intermediate size limits aren't forced into much lower security levels. <a href="https://ntruprime.cr.yp.to/speed.html">Six different sizes</a> have been selected for support.</li> </ul> <p>libntruprime has a very simple stateless <a href="api.html">API</a> based on the SUPERCOP API, with wire-format inputs and outputs, providing functions that directly match the KEM operations provided by the <code>sntrup</code> specification, such as functions</p> <pre><code>sntrup1277_keypair sntrup1277_enc sntrup1277_dec </code></pre> <p>for the <code>sntrup1277</code> KEM.</p> <p>Internally, libntruprime includes implementations designed to work portably across CPUs, and implementations designed for <a href="speed.html">higher performance</a> on Intel/AMD CPUs with AVX2 instructions. libntruprime includes automatic run-time selection of implementations.</p> <p>libntruprime is intended to be called by larger multi-function libraries (such as traditional cryptographic libraries), including libraries in other languages via FFI. The idea is that libntruprime takes responsibility for the details of <code>sntrup</code> computation, including optimization, timing-attack protection, and (in ongoing work) verification, freeing up the calling libraries to concentrate on application-specific needs such as protocol integration. Applications can also call libntruprime directly.</p><hr><font size=1><b>Version:</b> This is version 2024.08.25 of the "Intro" web page. </font> </div> </body> </html>