Our great sponsors
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I have a really old (college) implementation of plain old NTRU in Python, if you'd like a little insight into what NTRU is and how it works at a superficial level (kind of like how RSA is never textbook RSA). There are also some slides explaining the math, but you have to be comfortable with some college level group theory (even reading my own slides is hard because I haven't used it since then).
The short answer is that NTRU uses convolution polynomial lattices. Breaking the cryptosystem requires finding a "short" basis for a lattice described by the private key. There are efficient algorithms for this in R^2, but not for high dimensional convolutional polynomial spaces (LLL Reduction is the best I'm aware of, which is greater than O(d^5) where d is the number of dimensions https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%...).
Do note the impl I did is absolutely terrible and probably subtly buggy but might get the idea across. Also, it splits the message into blocks and encrypts that instead of just wrapping a symmetric encryption algorithm because I was young and naive. :)
https://github.com/logannc/pyNTRUEncrypt
Different keys.
For example, you might currently be using a public/private keypair for 4096-bit RSA. That keypair (by definition) only works for the RSA key exchange algorithm. Likewise, an x22519 keypair is for the x25519 key exchange.
A sntrup761x25519 keypair will be its own thing. As an aside, a sntrup761x25519 public key will be two public keys glued together (one for each algorithm). [1] Likewise for the private key.
(one could reuse an existing x25519 keypair for the x25519 component of sntrup761x25519, but it seems like a bad idea)
[1] https://github.com/openssh/openssh-portable/blob/master/kexs...