The NTRUEncrypt public key cryptosystem, also known as the NTRU encryption algorithm, is a lattice-based alternative to RSA and ECC and is based on the shortest vector problem in a lattice (i.e. is not known to be breakable using quantum computers). Operations are based on objects in a truncated polynomial ring with convolution multiplication and all polynomials in the ring have integer coefficients and degree at most N-1:
NTRU is actually a parameterised family of cryptosystems; each system is specified by three integer parameters (N, p, q) which represent the maximal degree for all polynomials in the truncated ring R, a small modulus and a large modulus, respectively, where it is assumed that N is prime, q is always larger than p, and p and q are coprime; and four sets of polynomials and (a polynomial part of the private key, a polynomial for generation of the public key, the message and a blinding value, respectively), all of degree at most .
It relies on the presumed difficulty of factoring certain polynomials in such rings into a quotient of two polynomials having very small coefficients. Breaking the cryptosystem is strongly related, though not equivalent, to the algorithmic problem of lattice reduction (solving the closest vector problem) in certain lattices. Careful choice of parameters is necessary to thwart some published attacks.
Since both encryption and decryption use only simple polynomial multiplication, these operations are very fast compared to other asymmetric encryption schemes, such as RSA, El Gamal and elliptic curve cryptography. However, NTRUEncrypt has not yet undergone a comparable amount of cryptographic analysis.
A related algorithm is the NTRUSign digital signature algorithm.