Application security company Security Innovation released its NTRU public key cryptography system to the open source community for free in a bid to address challenges facing popular public-key crypto systems today.
According to Security Innovation, NTRU is a lattice-based public key cryptosystem meant to serve as an alternative to RSA and Elliptic Curve Cryptography (ECC). Developed in 1996, NTRU compromises three algorithms: NTRUEncrypt, NTRUSign and PASSSign. It has been adopted n the IEEE and X9 standards, and at “comparable cryptographic strength”, performs costly private key operations much faster than RSA or ECC, according to the company. As key sizes increase by a factor of n, RSA’s operations decrease by about n3 compared to n2 for NTRU.
With the GNU Public License (GPL) open source license, NTRU can be deployed in open source products. A commercial license is available to incorporate it into a proprietary product.
“The open source licensing of the NTRU crypto system will make it easier for wide-spread adoption of our X9.98 standard, allowing Financial Services companies to protect their important financial transactions,” said executive director Cynthia Fuller of Accredited Standards Committee X9 Financial Industry Standards, in a statement.
According to Security Innovations, NTRU can enhance data security with its speed.
“Any application that requires fast performance (large amounts of data to be protected in a short amount of time) and/or high-levels of security for the next 10 years would benefit from the NTRU solution,” the company stated in a frequently asked questions section. “Furthermore, the small code size (small footprint) of the NTRU implementations make it suitable for even small embedded processors.”
“These applications include Payment Systems, secure messaging and email, mobile eCommerce, Healthcare, Near Field Communications (NFC), Vehicle Communications (V2V, V2I), Military/Aerospace, Web Browsers and Servers, Remote Backup Solutions, Voice over IP (VoIP), Online Presentations/Virtual Classrooms, Infrastructure (Railway switching, Traffic lights, etc), Utility meters and Cloud Provides/Datacenters,” the company continuned.
Open sourcing NTRU ensures that the implementation is solid and without the backdoors that we have learned about in proprietary implementations, Dr. William Whyte, chief scientist at Security Innovation and chair of the IEEE 1363 Working Group, said in a statement.
“We are fussy in the crypto world, and want to ensure that any adopted crypto is transparent and battle-tested,” he said. “NTRU has been successfully scrutinized by numerous government agencies and universities for over a decade.”