OpenSSLNTRU integrates transparent post-quantum key exchange into applications that use the OpenSSL cryptographic library. At the protocol level, OpenSSLNTRU is a TLS 1.3 modification similar to the Google-Cloudflare CECPQ2 experiment, but OpenSSLNTRU provides performance advantages, security advantages, and software-engineering advantages:

The following table shows the performance details. All cycle counts are Haswell cycles, and the 166000 is the new key-generation speed.

ntruhrss701 sntrup761
key+ciphertext traffic 2276 bytes 2197 bytes
keygen time 272028 cycles 166000 cycles
enc time 26116 cycles 48780 cycles
dec time 63632 cycles 59120 cycles
post-quantum Core-SVP security 2^125 2^139
cyclotomic concerns yes no

Contributors (alphabetical order)


This work was supported by the Cisco University Research Program under the "Post-quantum networking" project.

This work was supported by the U.S. National Science Foundation under grant 1913167. "Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation."

This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 804476).

Version: This is version 2020.09.28 of the "Intro" web page.