Speed Records for NTRU

  • Jens Hermans
  • Frederik Vercauteren
  • Bart Preneel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5985)


In this paper NTRUEncrypt is implemented for the first time on a GPU using the CUDA platform. As is shown, this operation lends itself perfectly for parallelization and performs extremely well compared to similar security levels for ECC and RSA giving speedups of around three to five orders of magnitude. The focus is on achieving a high throughput, in this case performing a large number of encryptions/decryptions in parallel. Using a modern GTX280 GPU a throughput of up to 200 000 encryptions per second can be reached at a security level of 256 bits. This gives a theoretical data throughput of 47.8 MB/s. Comparing this to a symmetric cipher (not a very common comparison), this is only around 20 times slower than a recent AES implementation on a GPU.


NTRU encryption Graphical Processing Unit Parallelization CUDA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Atıcı, A.C., Batina, L., Fan, J., Verbauwhede, I., Yalçın, S.B.O.: Low-cost implementations of NTRU for pervasive security. In: ASAP 2008, pp. 79–84. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  2. 2.
    ECRYPT AZTEC. Lightweight Asymmetric Cryptography and Alternatives to RSA (2005)Google Scholar
  3. 3.
    Bailey, D.V., Coffin, D., Elbirt, A.J., Silverman, J.H., Woodbury, A.D.: NTRU in Constrained Devices. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 262–272. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for Key Management. NIST special publication 800, 57 (2007)Google Scholar
  5. 5.
    Bernstein, D.J., Chen, H.C., Chen, M.S., Cheng, C.M., Hsiao, C.H., Lange, T., Lin, Z.C., Yang, B.Y.: The Billion-Mulmod-Per-Second PC. In: SHARCS 2009, pp. 131–144 (2009)Google Scholar
  6. 6.
    Bosma, W., Cannon, J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24(3-4), 235–265 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Cohen, H., Frey, G., Avanzi, R.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, Boca Raton (2006)zbMATHGoogle Scholar
  8. 8.
    Cook, D., Ioannidis, J., Keromytis, A.D., Luck, J.: Cryptographics: Secret key cryptography using graphics cards. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 334–350. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Dai, W.: Crypto++: benchmarks,
  10. 10.
    Ecrypt Ebats. ECRYPT benchmarking of asymmetric systems (2007),
  11. 11.
    Fleissner, S.: GPU-Accelerated Montgomery Exponentiation. In: Shi, Y., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds.) ICCS 2007. LNCS, vol. 4487, pp. 213–220. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Consortium for Efficient Embedded Security. Efficient embedded security standards #1: Implementation aspects of NTRU and NSS, Version 1 (2002)Google Scholar
  13. 13.
    Gentry, C.: Key Recovery and Message Attacks on NTRU-Composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 182–194. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Harrison, O., Waldron, J.: AES Encryption Implementation and Analysis on Commodity Graphics Processing Units. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 209–226. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Hoffstein, J., Silverman, J.H.: Random small Hamming weight products with applications to cryptography. Discrete Applied Mathematics 130(1), 37–49 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Howgrave-Graham, N.: A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150–169. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Howgrave-Graham, N., Nguyen, P.Q., Pointcheval, D., Proos, J., Silverman, J.H., Singer, A., Whyte, W.: The impact of decryption failures on the security of ntru encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 226–246. Springer, Heidelberg (2003)Google Scholar
  18. 18.
    Intel. Intel Pentium 4 - SL8Q9 Datasheet (2008)Google Scholar
  19. 19.
    Karu, P., Loikkanen, J.: Practical Comparison of Fast Public-key Cryptosystems (2001),
  20. 20.
    Manavski, S.A.: CUDA Compatible GPU as an Efficient Hardware Accelerator for AES Cryptography. In: ICSPC 2007, November 2007, pp. 65–68. IEEE, Los Alamitos (2007)Google Scholar
  21. 21.
    Moss, A., Page, D., Smart, N.P.: Toward Acceleration of RSA Using 3D Graphics Hardware. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 364–383. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Nvidia. Compute Unified Device Architecture Programming Guide (2007)Google Scholar
  23. 23.
    Nvidia. GeForce GTX280 - GeForce GTX 200 GPU Datasheet (2008)Google Scholar
  24. 24.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Settings, M.: Password crackers see bigger picture. Network Security 2007(12), 20 (2007)Google Scholar
  26. 26.
    Szerwinski, R., Güneysu, T.: Exploiting the Power of GPUs for Asymmetric Cryptography. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 79–99. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Whyte, W., Howgrave-Graham, N., Hoffstein, J., Pipher, J., Silverman, J.H., Hirschhorn, P.: IEEE P1363.1: Public Key Cryptographic Techniques Based on Hard Problems over LatticesGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jens Hermans
    • 1
  • Frederik Vercauteren
    • 1
  • Bart Preneel
    • 1
  1. 1.ESAT/SCD-COSIC and IBBTKatholieke Universiteit LeuvenLeuven-HeverleeBelgium

Personalised recommendations