NTRU encryption, NTRU implementation
Key Size
Generate NTRU Key Size
Password+Salt unique Combination will generate same NTRU key pair Password Salt
NTRU Encryption/Decryption Encrypt Message Decrypt Message
NTRU Public Key NTRU Private Key lattice based cryptography ntru encryption example

NTRU is an open source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm and its performance has been shown to be significantly better. NTRU was patented but was placed in public domain in 2017

NTRU's main strengths are high performance and resistance to quantum computer attacks.
NTRU keys are longer than ECC keys; they can be longer or shorter than RSA keys depending on the security level.
The NTRUSign algorithm has been broken and is included only for historical interest.

NTRUEncrypt remains unbroken;

ClearText Message output

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency

NTRU implementation

Ref: https://github.com/tbuktu/ntru


N: number of polynomial coefficients
q: modulus
df: number of ones in the private polynomial
dm0: minimum acceptable number of -1's, 0's, and 1's in the polynomial
maxM1: maximum absolute value of mTrin.sumCoeffs() or zero to disable this check. Values greater than zero cause the constant coefficient of the message to always be zero.
db: number of random bits to prepend to the message; should be a multiple of 8
ca: parameter for the Index Generation Function ({@link IndexGenerator})
minCallsR: minimum number of hash calls for the IGF to make
minCallsMask: minimum number of calls to generate the masking polynomial
hashSeed whether to hash the seed in the MGF first (true) or use the seed directly (false)
oid: three bytes that uniquely identify the parameter set
sparse: whether to treat ternary polynomials as sparsely populated
fastFp: ternary true or False
hashAlga valid identifier SHA-256

parameter set that gives 256 bits of security and is optimized for key size
EES1087EP2 =(1087, 2048, 120, 120, 0, 256, 13, 25, 14, true, new byte[] {0, 6, 3}, true, false, "SHA-512");

EES1087EP2_FAST = (1087, 2048, 8, 8, 11, 120, 0, 256, 13, 25, 14, true, new byte[] {0, 6, 3}, true, true, "SHA-512");

parameter set that gives 256 bits of security and is a tradeoff between key size and encryption/decryption speed.
EES1171EP1 = (1171, 2048, 106, 106, 0, 256, 13, 20, 15, true, new byte[] {0, 6, 4}, true, false, "SHA-512");

EES1171EP1_FAST = (1171, 2048, 8, 7, 11, 106, 0, 256, 13, 20, 15, true, new byte[] {0, 6, 4}, true, true, "SHA-512");

parameter set that gives 256 bits of security and is optimized for encryption/decryption speed.
EES1499EP1 = (1499, 2048, 79, 79, 0, 256, 13, 17, 19, true, new byte[] {0, 6, 5}, true, false, "SHA-512");

EES1499EP1_FAST = (1499, 2048, 7, 6, 11, 79, 0, 256, 13, 17, 19, true, new byte[] {0, 6, 5}, true, true, "SHA-512");

parameter set that gives 128 bits of security and uses simple ternary polynomials. */
APR2011_439 = (439, 2048, 146, 130, 126, 128, 12, 32, 9, true, new byte[] {0, 7, 101}, true, false, "SHA-256");

his parameter set gives 128 bits of security but uses product-form polynomials
APR2011_439_FAST = (439, 2048, 9, 8, 5, 130, 126, 128, 12, 32, 9, true, new byte[] {0, 7, 101}, true, true, "SHA-256");

parameter set that gives 256 bits of security and uses simple ternary polynomials
APR2011_743 = (743, 2048, 248, 220, 60, 256, 12, 27, 14, true, new byte[] {0, 7, 105}, false, false, "SHA-512");

parameter set gives 256 bits(Recommedned)
APR2011_743_FAST = (743, 2048, 11, 11, 15, 220, 60, 256, 12, 27, 14, true, new byte[] {0, 7, 105}, false, true, "SHA-512");