cryptography

NTRU crypto software available to open-source community

Security Innovation, a company that specializes in application and crypto security,  has announced availability of its NTRU public key cryptography system for free use in the open-source software community.

NTRU is a public key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. 

“More diversity in choice of cryptography can only make communications on the Internet safer,” the firm said, adding that NTRU is “poised to become the de facto crypto in the post-RSA world.”

RSA, an algorithm for public key encryption, and ECC, for Elliptic Curve Cryptography, are the two most common public key crypto systems in use today. But at the 2013 Black Hat conference, according to SI, researchers declared that the math for cracking encryption algorithms could soon become so efficient that it would render the RSA crypto algorithm obsolete.

The resulting crypto vacuum could set up what SI called a “cryptopocalypse,” with organizations scrambling to retrofit systems with new, yet trusted, public key crypto systems. 

With the open-source license, NTRU can be deployed in open-source products such as Web browsers and TLS/SSL servers, the firm said. For proprietary products, a commercial license is available. 

The firm cited Charles Kolodgy, research vice president for security products at IDC,  who said Internet e-commerce is “being protected by a limited set of encryption algorithms. This lack of diversity can be a single point of failure.” 

Kolodgy said that by offering NTRU under a public license, SI is “expanding the diversity of encryption available on the Internet.”

 “Open sourcing NTRU ensures that the implementation is solid and without the backdoors that we have learned about in proprietary implementations,” said William Whyte, chief scientist at SI and chair of the IEEE 1363 Working Group. 

“We are fussy in the crypto world and want to ensure that any adopted crypto is transparent and battle-tested. NTRU has been successfully scrutinized by numerous government agencies and universities for over a decade," Whyte said.

For more information, visit the NTRU Public Key Cryptography and Reference Code on GitHub. 

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Reader Comments

Fri, Dec 6, 2013 Hilarion Lefuneste

Too bad NTRUSign has been broken twice, the latest being in 2012. NTRU is interesting but it's not ready for being used in the field. It would be foolish to expect high security from an algorithm that is not yet mature.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above