Key Encapsulation
NTRU Prime
NTRU Prime (Streamlined / Light NTRU Prime)
non-FIPSlattice-based1 parameter setsQNSP tier: default+provider: liboqsalso called: sntrup761, ntrulpr761
NTRU variant designed to use a prime-degree ring polynomial, removing certain structural concerns. Notably deployed in OpenSSH's default post-quantum key exchange.
Mechanism
How it works
NTRU Prime uses an irreducible prime-degree ring polynomial x^p - x - 1, avoiding the smooth-factorisation structure of x^n - 1. Two variants: Streamlined NTRU Prime (sntrup) and Light NTRU Prime (ntrulpr).
Parameter Sets
1 variants shipped
Each variant trades security category against key, ciphertext, or signature size. QNSP exposes all variants via the @cuilabs/liboqs-native binding; tenant crypto-policy determines which are allowed.
| Variant | NIST Level | Public Key | Secret Key | Ciphertext | Note |
|---|---|---|---|---|---|
| sntrup761 | L3 | 1,158 B | 1,763 B | 1,039 B | Default post-quantum KEM in OpenSSH 9.0+. Recognisable name to network security buyers. |
NIST ACVP
Conformance evidence
QNSP runs the official NIST ACVP test vectors against every shipped algorithm. Live evidence + SHA-3-256 tamper digest at /verify/conformance.
@noble/post-quantum
non-addressablePure-JavaScript reference; cross-verification secondary on Maximum + Government tiers.
@cuilabs/liboqs-native
non-addressableNative-C primary production engine. Runs across every QNSP backend service.
Use Cases
When to use it
- Compatibility with OpenSSH PQ key exchange
- Customers preferring prime-degree NTRU variants
Trade-offs
What you give up, what you get
- Recognisable in SSH ecosystem
- Smaller liboqs surface than ML-KEM or HQC
References