OpenSSLNTRU integrates transparent post-quantum key exchange into applications that use the OpenSSL cryptographic library. At the protocol level, OpenSSLNTRU is a TLS 1.3 modification similar to the Google-Cloudflare CECPQ2 experiment, but OpenSSLNTRU provides performance advantages, security advantages, and software-engineering advantages:

The following table shows the performance details. All cycle counts are Haswell cycles, and the 156317 is the new key-generation speed.

ntruhrss701 sntrup761
key+ciphertext traffic 2276 bytes 2197 bytes
keygen time 269191 cycles 156317 cycles
enc time 26510 cycles 46914 cycles
dec time 63375 cycles 56241 cycles
pre-quantum Core-SVP security 2^136 2^153
post-quantum Core-SVP security 2^125 2^139
cyclotomic concerns yes no

Our engntru also provides an optimized implementation for a second NTRU Prime parameters set, sntrup857, at an even higher Core-SVP security level. This implementation is backed by OpenSSLNTRU's new libsntrup857.


In support of Open Science, we provide several free and open-source software (FOSS) contributions. Check the Demo page for detailed instructions about the following software.

Contributors (alphabetical order)


This work was supported by the Cisco University Research Program under the "Post-quantum networking" project.

This work was supported by the U.S. National Science Foundation under grant 1913167. "Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation."

This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 804476).

Version: This is version 2021.12.14 of the "Intro" web page.