-r--r--r-- 6828 libntruprime-20240825/doc/html/index.html raw
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
html{overflow-y:scroll;background-color:#004591}
body{font-family:"Noto Sans","Droid Sans","DejaVu Sans","Arial",sans-serif;line-height:1.5}
tt,code{background-color:#f0f0f0;font-family:"Noto Sans Mono","Droid Sans Mono","DejaVu Sans Mono","Courier New",monospace,sans-serif;font-size:1em;}
pre{margin-left:3em}
p,ul,ol,blockquote,pre{font-size:1.0em;line-height:1.6}
li p{font-size:1.0em}
blockquote p{font-size:1.0em}
h1{font-size:1.5em}
h2{font-size:1.3em}
h3{font-size:1.0em}
h1 a{text-decoration:none}
table{border-collapse:collapse}
th,td{border:1px solid black}
table a{text-decoration:none}
table tr{font-size:1.0em;line-height:1.6em}
table tr{font-size:1.0em;line-height:1.5}
tbody tr:nth-child(12n+1){background-color:#f0ffff}
tbody tr:nth-child(12n+2){background-color:#f0ffff}
tbody tr:nth-child(12n+3){background-color:#f0ffff}
tbody tr:nth-child(12n+4){background-color:#f0ffff}
tbody tr:nth-child(12n+5){background-color:#f0ffff}
tbody tr:nth-child(12n+6){background-color:#f0ffff}
tbody tr:nth-child(12n+7){background-color:#fffff0}
tbody tr:nth-child(12n+8){background-color:#fffff0}
tbody tr:nth-child(12n+9){background-color:#fffff0}
tbody tr:nth-child(12n+10){background-color:#fffff0}
tbody tr:nth-child(12n+11){background-color:#fffff0}
tbody tr:nth-child(12n+12){background-color:#fffff0}
.headline{padding:0;font-weight:bold;font-size:1.0em;vertical-align:top;padding-bottom:0.5em;color:#ffffff;background-color:#004591}
.navt{display:block;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;margin:0;padding:0;vertical-align:center;font-size:1.0em}
.here{background-color:#004591}
.here{color:#ffffff}
.away{background-color:#004591}
.away a{text-decoration:none;display:block;color:#ffffff}
.away a:hover,.away a:active{text-decoration:underline}
.main{padding:5px}
.main{background-color:#ffffff}
.pagetitle{font-size:1.4em;font-weight:bold}
@media only screen and (min-width:512px) {
  .fixed{margin:0;padding:0;width:160px;height:100%;position:fixed;overflow:auto}
  .main{margin-left:170px}
}
</style>
<title>
libntruprime: Intro</title>
</head>
<body>
<div class=fixed>
<div class=headline>
libntruprime</div>
<div class="navt here">Intro
</div><div class="navt away"><a href=download.html>Download</a>
</div><div class="navt away"><a href=install.html>Install</a>
</div><div class="navt away"><a href=test.html>Test</a>
</div><div class="navt away"><a href=api.html>API</a>
</div><div class="navt away"><a href=cli.html>CLI</a>
</div><div class="navt away"><a href=security.html>Security</a>
</div><div class="navt away"><a href=verification.html>Verification</a>
</div><div class="navt away"><a href=speed.html>Speed</a>
</div><div class="navt away"><a href=internals.html>Internals</a>
</div><div class="navt away"><a href=people.html>People</a>
</div><div class="navt away"><a href=license.html>License</a>
</div></div>
<div class=main>
<div class=pagetitle>libntruprime: Intro</div>
<p>libntruprime is a microlibrary for the
<a href="https://ntruprime.cr.yp.to">Streamlined NTRU Prime</a>
cryptosystem.
Streamlined NTRU Prime (<code>sntrup</code>) is a lattice-based cryptosystem with the following features:</p>
<ul>
<li>Stability:
  Almost all details of <code>sntrup</code> match a
  <a href="https://ntruprime.cr.yp.to/ntruprime-20160511.pdf">May 2016</a> publication.
  The only exceptions are small changes to encoding and hashing published in
  <a href="https://ntruprime.cr.yp.to/nist/ntruprime-20190330.pdf">April 2019</a>.</li>
<li>Patent-freeness:
  April 2019 predates almost all
  <a href="https://patents.google.com/?q=(%22post-quantum%22)">post-quantum patents</a>.
  Analyses of various <a href="https://ntruprime.cr.yp.to/faq.html">lattice patents</a>
  filed before April 2019 indicate no problems for <code>sntrup</code>.</li>
<li>Deployment:
  The popular OpenSSH tool switched to <code>sntrup761</code> by default
  in <a href="https://www.openssh.com/txt/release-9.0">April 2022</a>,
  following initial integration of <code>sntrup</code> into <a href="https://github.com/janmojzis/tinyssh">TinySSH</a>.</li>
<li>Affordability:
  Keys and ciphertexts are <a href="https://ntruprime.cr.yp.to/speed.html">about 1KB</a>
  for <code>sntrup761</code>,
  and computations are <a href="speed.html">fast</a>.</li>
<li>Careful design:
  Subject to the requirement of being a small lattice-based cryptosystem,
  <code>sntrup</code> is systematically designed to
  <a href="https://ntruprime.cr.yp.to/">eliminate unnecessary complications in security review</a>.
  It eliminates decryption failures, for example, and eliminates cyclotomics.
  The cryptosystem has never needed a security patch.</li>
<li>Risk management: A much higher <code>sntrup1277</code> security level is
  <a href="https://ntruprime.cr.yp.to/speed.html">fully supported</a>,
  and is recommended whenever 2KB keys and ciphertexts are affordable,
  to reduce risks from
  <a href="https://ntruprime.cr.yp.to/warnings.html">improvements in lattice attacks</a>.</li>
<li>Flexibility:
  The <code>sntrup</code> design allows a full spectrum of tradeoffs between size and security level,
  so applications with intermediate size limits aren't forced into much lower security levels.
  <a href="https://ntruprime.cr.yp.to/speed.html">Six different sizes</a>
  have been selected for support.</li>
</ul>
<p>libntruprime has a very simple stateless <a href="api.html">API</a>
based on the SUPERCOP API,
with wire-format inputs and outputs,
providing functions
that directly match the KEM operations provided by the <code>sntrup</code> specification,
such as functions</p>
<pre><code>sntrup1277_keypair
sntrup1277_enc
sntrup1277_dec
</code></pre>
<p>for the <code>sntrup1277</code> KEM.</p>
<p>Internally,
libntruprime includes implementations designed to work portably across CPUs,
and implementations designed for <a href="speed.html">higher performance</a>
on Intel/AMD CPUs with AVX2 instructions.
libntruprime includes automatic run-time selection of implementations.</p>
<p>libntruprime is intended to be
called by larger multi-function libraries
(such as traditional cryptographic libraries),
including libraries in other languages via FFI.
The idea is that libntruprime takes responsibility
for the details of <code>sntrup</code> computation,
including optimization, timing-attack protection, and (in ongoing work) verification,
freeing up the calling libraries to concentrate on
application-specific needs such as protocol integration.
Applications can also call libntruprime directly.</p><hr><font size=1><b>Version:</b>
This is version 2024.08.25 of the "Intro" web page.
</font>
</div>
</body>
</html>