Key Encapsulation
NTRU
Number Theoretic Research Unit Cryptosystem
non-FIPSlattice-based2 parameter setsQNSP tier: default+provider: liboqsalso called: NTRU-HRSS, NTRU-HPS
One of the oldest lattice-based KEMs, in continuous study since 1996. NTRU was a NIST PQC finalist but not selected for FIPS standardisation in favour of ML-KEM.
Mechanism
How it works
NTRU operates over polynomial rings Z[x] / (x^n - 1) with small-coefficient polynomial inverses. Multiple parameter sets exist across NTRU-HPS and NTRU-HRSS variants.
Parameter Sets
2 variants shipped
Each variant trades security category against key, ciphertext, or signature size. QNSP exposes all variants via the @cuilabs/liboqs-native binding; tenant crypto-policy determines which are allowed.
| Variant | NIST Level | Public Key | Secret Key | Ciphertext | Note |
|---|---|---|---|---|---|
| ntru_hps2048509 / 677 / 821 / 1229 | L1 | 699 B | 935 B | 699 B | |
| ntru_hrss701 / 1373 | L3 | 1,138 B | 1,450 B | 1,138 B |
NIST ACVP
Conformance evidence
QNSP runs the official NIST ACVP test vectors against every shipped algorithm. Live evidence + SHA-3-256 tamper digest at /verify/conformance.
@noble/post-quantum
non-addressablePure-JavaScript reference; cross-verification secondary on Maximum + Government tiers.
@cuilabs/liboqs-native
non-addressableNative-C primary production engine. Runs across every QNSP backend service.
Use Cases
When to use it
- Migration from legacy NTRU deployments
- Research and comparative analysis
Trade-offs
What you give up, what you get
- Not on the NIST standardisation path — defer to ML-KEM for new deployments
- 30+ years of cryptanalytic study
References