Optimizations for NTRU

In this note we describe a variety of methods that may be used to increase the speed and efficiency of the NTRU public key cryptosystem. 1991 Mathematics Subject Classification: 94A60, 11T71. 1. An Overview of NTRU The NTRU Public Key Cryptosystem is based on ring theory and relies for its security on the difficulty of solving certain lattice problems. In this section we will briefly review the properties of NTRU that are relevant to the topics in this paper. For further details and a security analysis of NTRU, see [HPS,S1,S2]. A general formulation of the NTRU Public Key Cryptosystem uses a ring R and two (relatively prime) ideals p and q in R. A rough outline of the key creation, encryption, and decryption processes is as follows: • Key Creation Bob creates a public key h by choosing elements f, g ∈ R, computing the mod q inverse f−1 q of f , and setting h ≡ f−1 q ∗ g (mod q). Bob’s private key is the element f . Bob also precomputes and stores the mod p inverse f−1 p of f . • Encryption In order to encrypt a plaintext message m ∈ R using the public key h, Alice selects a random element r ∈ R and forms the ciphertext e ≡ r ∗ h + m (mod q). • Decryption In order to decrypt the ciphertext e using the private key f , Bob first computes