NTRU Encryption Online

Post-Quantum Lattice-based Public Key Cryptography

Lattice-based APR2011 / EES Quantum Resistant
Created by @anish2good - Cryptography Engineer
Generate NTRU Key Pair
Password + Salt derives deterministic keys for recovery.
Operation Mode
Message
NTRU Keys click to expand
About NTRU Encryption

NTRU is a lattice-based public key cryptosystem that's resistant to quantum computer attacks.

  • Post-Quantum: Secure against Shor's algorithm
  • Fast: Faster than RSA for similar security levels
  • APR2011: Parameter sets from 2011 IEEE paper
  • EES: Encryption parameter sets for different security levels
Related Post-Quantum Tools
NTRU Encryption (This Tool) RSA Encryption ElGamal Encryption Elliptic Curve Cryptography

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

What is NTRU?

NTRU (N-th degree Truncated polynomial Ring Units) is one of the oldest and most studied post-quantum cryptographic algorithms, first proposed in 1996 by mathematicians Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman.

Unlike RSA and ECC which can be broken by quantum computers using Shor's algorithm, NTRU's security is based on the hardness of the Shortest Vector Problem (SVP) in lattices - a problem believed to be resistant to quantum attacks.

Quantum Threat Comparison

Algorithm Type Quantum Safe? Status
RSA Integer Factorization Broken by Shor's Migrate away
ECC / ECDSA Discrete Log (Curves) Broken by Shor's Migrate away
NTRU Lattice (SVP) Quantum Resistant Safe to use
CRYSTALS-Kyber Lattice (MLWE) Quantum Resistant NIST Standard

NTRU Parameter Sets click to expand

NTRU supports multiple parameter sets for different security/performance trade-offs:

APR2011 Family

From 2011 IEEE paper - recommended for most uses

  • APR2011_743_FAST - 256-bit security (recommended)
  • APR2011_743 - 256-bit (non-optimized)
  • APR2011_439_FAST - 128-bit security
  • APR2011_439 - 128-bit (smaller keys)
EES Family (IEEE 1363.1)

Standardized parameter sets

  • EES1499EP1 - 256-bit (highest security)
  • EES1171EP1 - 192-bit security
  • EES1087EP2 - 112-bit security
  • All have _FAST optimized variants

Real-World Adoption click to expand

OpenSSH 9.0+

Uses NTRU + X25519 hybrid key exchange by default since August 2022

Google Chrome

CECPQ2 experiment tested NTRU for post-quantum TLS

IEEE 1363.1

Standardized in 2008 for lattice-based public-key cryptography

Fun Fact: NTRU was patented but released to the public domain in 2017, making it freely available for any use.

NIST Post-Quantum Standardization click to expand

NIST's Post-Quantum Cryptography Standardization project evaluated algorithms resistant to quantum attacks:

Algorithm Type NIST Status
CRYSTALS-Kyber KEM (Lattice/MLWE) Selected Standard
NTRU KEM (Lattice/SVP) Round 3 Finalist
NTRU Prime KEM (Lattice) Round 3 Alternate
CRYSTALS-Dilithium Signature Selected Standard

While Kyber was selected as the primary KEM standard, NTRU remains widely deployed and is considered secure.

Code Examples click to expand 

// Java - Using BouncyCastle NTRU
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.spec.NTRUParameterSpec;

Security.addProvider(new BouncyCastlePQCProvider());

// Generate key pair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("NTRU", "BCPQC");
kpg.initialize(NTRUParameterSpec.ntruhrss701);
KeyPair kp = kpg.generateKeyPair();

// Encrypt
Cipher cipher = Cipher.getInstance("NTRU", "BCPQC");
cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic());
byte[] ciphertext = cipher.doFinal(plaintext);
# Python - Using ntru library
from ntru import NTRUEncrypt

# Initialize with parameter set
ntru = NTRUEncrypt(N=743, p=3, q=2048)

# Generate keys
public_key, private_key = ntru.generate_keypair()

# Encrypt message
ciphertext = ntru.encrypt(message, public_key)

# Decrypt message
plaintext = ntru.decrypt(ciphertext, private_key)
// C - Using libntru
#include "ntru.h"

// Generate key pair
NtruEncKeyPair kp;
NtruRandGen rng = NTRU_RNG_DEFAULT;
ntru_gen_key_pair(&NTRU_DEFAULT_PARAMS_128_BITS, &kp, &rng);

// Encrypt
uint8_t enc[NTRU_MAX_ENC_LEN];
uint16_t enc_len;
ntru_encrypt(msg, msg_len, &kp.pub, &NTRU_DEFAULT_PARAMS_128_BITS,
             &rng, enc, &enc_len);

// Decrypt
uint8_t dec[NTRU_MAX_MSG_LEN];
uint16_t dec_len;
ntru_decrypt(enc, &kp, &NTRU_DEFAULT_PARAMS_128_BITS, dec, &dec_len);

Performance vs RSA click to expand

Why NTRU is faster:
  • RSA: Private key operations scale as O(n3) with key size
  • NTRU: Operations scale as O(n2) - quadratic vs cubic
  • At 256-bit security, NTRU is significantly faster for decryption
  • Key sizes are comparable to RSA at equivalent security
Relative Speed (Decryption)
NTRU
Fast
RSA-2048
Slower

Learn More

Official Resources
Related 8gwifi.org Tools
Quick Access