{"id":22377930,"url":"https://github.com/numtel/ntru-circom","last_synced_at":"2025-10-15T09:31:50.183Z","repository":{"id":264658807,"uuid":"893931891","full_name":"numtel/ntru-circom","owner":"numtel","description":"NTRU (post-quantum asymmetric lattice) encryption in Javascript and Circom","archived":false,"fork":false,"pushed_at":"2025-01-05T15:37:31.000Z","size":85,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-05T15:40:53.942Z","etag":null,"topics":["circom","circomkit","ntru","ntru-homomorphic-encryption","ntruencrypt"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/ntru-circom","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/numtel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-25T13:10:32.000Z","updated_at":"2025-01-05T15:37:35.000Z","dependencies_parsed_at":"2024-11-25T16:36:03.964Z","dependency_job_id":"ea71ad0b-5464-4c09-9a86-3c6cdb168a08","html_url":"https://github.com/numtel/ntru-circom","commit_stats":null,"previous_names":["numtel/ntru-circom"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtel%2Fntru-circom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtel%2Fntru-circom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtel%2Fntru-circom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtel%2Fntru-circom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/numtel","download_url":"https://codeload.github.com/numtel/ntru-circom/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":236600335,"owners_count":19175168,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["circom","circomkit","ntru","ntru-homomorphic-encryption","ntruencrypt"],"created_at":"2024-12-04T22:16:24.871Z","updated_at":"2025-10-15T09:31:44.881Z","avatar_url":"https://github.com/numtel.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ntru-circom\n\n**This project has not been audited and should not be used in production.**\n\nNTRU (post-quantum asymmetric lattice) encryption in Javascript and Circom\n\nSupports large keys and [additive homomorphism](test/reference.test.js#L47)\n\n## Installation\n\n\u003e [!IMPORTANT]\n\u003e Requires Node.js and Circom installed (if using circuits)\n\n```sh\n$ git clone https://github.com/numtel/ntru-circom.git\n$ cd ntru-circom\n$ npm install\n$ npm test\n\n# Run medium sized tests and output circom compilation details\n$ GO_167=1 VERBOSE=1 npm test -- -f \"decryption #2\"\n$ GO_167=1 VERBOSE=1 npm test -- -f \"encryption #2\"\n$ GO_167=1 VERBOSE=1 npm test -- -f \"together #2\"\n\n# Run large tests and output circom compilation details\n$ GO_LARGE=1 VERBOSE=1 npm test -- -f \"decryption #1\"\n$ GO_LARGE=1 VERBOSE=1 npm test -- -f \"encryption #1\"\n$ GO_LARGE=1 VERBOSE=1 npm test -- -f \"together #1\"\n```\n\n## Recommended parameters\n\n\u003e [!CAUTION]\n\u003e Default settings are not high security!\n\nDescription | \tN  |\tq  | \tp\n-----------|-----------|---|---------\nDefault | 167 | 128 | 3\n128 bit security margin (NTRU-HPS) |\t509 | \t2048 |\t3\n192 bit security margin (NTRU-HPS) |\t677 |\t2048 |\t3\n256 bit security margin (NTRU-HPS) |\t821 |\t4096 | \t3\n256 bit security margin (NTRU-HRSS) | \t701 | 8192 |\t3\n\nSource: [Wikipedia](https://en.wikipedia.org/wiki/NTRUEncrypt#Table_1:_Parameters)\n\n\u003e [!TIP]\n\u003e\n\u003e The [Choosing Parameters for NTRUEncrypt paper](https://jmschanck.info/papers/20150718-ntruparams.pdf) suggests using ~`N/3` for `df`, `dg`, `dr` parameters.\n\n## Javascript implementation\n\n```js\nimport NTRU from 'ntru-circom';\n\n// Encrypt plaintext values up to N (default 167) bits long\nconst inputStr = 'Hello World';\n\nconst ntru = new NTRU;\n\n// Generate a new private key\nntru.generatePrivateKeyF();\n// Generate a new public key\nntru.generateNewPublicKeyGH();\n\n// Encrypt the string\nconst encrypted = ntru.encryptStr(inputStr);\n\n// Decryption returns original value\nif(ntru.decryptStr(encrypted) !== inputStr) throw new Error;\n```\n\n### `constructor(options)`\n\n* `options` `\u003cObject\u003e`\n  * `N` `\u003cNumber\u003e` Coefficient count (Default: 167)\n  * `p` `\u003cNumber\u003e` Small prime field (Never changes, default: 3)\n  * `q` `\u003cNumber\u003e` Main field size (Power of 2, default: 128)\n  * `df` `\u003cNumber\u003e` Count of each non-zero (1,-1) coefficients in F (private key complexity)\n  * `dg` `\u003cNumber\u003e` Count of each non-zero (1,-1) coefficients in G (public key generation salt secret)\n  * `dr` `\u003cNumber\u003e` Count of each non-zero (1,-1) coefficients in randomness during encryption\n  * `h` `\u003cNumber[N]\u003e` Optional, specify a public key for encryptions\n\n### `loadPrivateKey(fArr)`\n\n* `fArr` `\u003cNumber[N]\u003e` Array of trinary coefficients (0, 1, -1) (Must be invertible mod q and p)\n\nLoad a specific private key. Sets `f`, `fp`, `fq` instance properties.\n\n### `generatePrivateKeyF()`\n\nGenerate a new private key. Sets `f`, `fp`, `fq` instance properties.\n\n### `generatePublicKeyGH()`\n\nGenerate a new public key. Sets `g`, `h` instance properties.\n\n### `generatePublicKeyH()`\n\nGenerate a new public key using a specific generation secret. Sets `h` instance property.\n\n### `encryptStr(inputPlain)`\n\n* `inputPlain` `\u003cString\u003e` Text to be encrypted using public key `h`\n\nReturns `\u003cNumber[N] mod q\u003e` ciphertext array of values.\n\n### `decryptStr(encrypted)`\n\n* `encrypted` `\u003cNumber[N] mod q\u003e` Ciphertext array of values\n\nReturns `\u003cString\u003e` plaintext\n\n### `encryptBits(m)`\n\n* `m` `\u003cNumber[N]\u003e` Plaintext array of trinary coefficients (0, 1, 2) up to `N` length\n\nReturns object:\n\n```\n{\n  value: \u003cNumber[N] mod q\u003e,\n  // Inputs for VerifyEncrypt circuit witness\n  input: {\n    r, // randomness\n    m, // plaintext\n    h, // public key\n    quotientE, // verify final step\n    remainderE, // encrypted ciphertext\n  },\n  // Parameters for VerifyEncrypt circuit compilation\n  params: {q, nq, N},\n}\n```\n\n### `decryptBits(e)`\n\n* `e` `\u003cNumber[N]\u003e` Ciphertext array of coefficients\n\nReturns object:\n\n```\n{\n  value: \u003cNumber[N] mod p\u003e,\n  // Inputs for VerifyDecrypt circuit witness\n  input: {\n    f, // private key\n    fp, // inverse of private key mod p\n    e, // encrypted ciphertext\n    quotient1, // verify intermediate step\n    remainder1, // verify intermediate\n    quotient2, // verify final step\n    remainder2, // decrypted plaintext\n  },\n  // Parameters for VerifyDecrypt circuit compilation\n  params: {q, nq, p, np, N},\n}\n```\n\n### `verifyKeysInputs()`\n\nGenerate the inputs and parameters for creating a `VerifyInverse` proof to prove coherency of a private key or that the public key matches the private key.\n\nThree cases are keys in the return object:\n\nCase | Usage\n-----|-----------\n`fp` | Use this to verify `fp` is derived from `f`, confirming a decryption\n`fq` | Use this as a first step if verifying `h` is derived from `f` in order to prove the user knows the private key for an encryption\n`h`  | Use this as a second step to verifying the public key\n\n\u003e [!TIP]\n\u003e In addition to verifying private key coherency (case `fp`), it is recommended to pad the message with data that can be confirmed during decryption.\n\n### Library functions\n\n```js\nimport {\n    // general polynomial operations\n    degree, // compute degree of polynomial\n    trimPolynomial, // trim leading zeros from polynomial\n    modInverse, // compute multiplicative inverse mod p\n    addPolynomials,\n    subtractPolynomials,\n    multiplyPolynomials,\n    dividePolynomials,\n    multiplyPolynomialsByScalar,\n\n    // for inverting polynomials\n    extendedEuclidianAlgorithm,\n    polyInv,\n\n    // create a random array of given length with set number of 1, -1 values\n    generateCustomArray,\n\n    expandArrayToMultiple,\n    expandArray,\n\n    // format helpers\n    stringToBits,\n    bitsToString,\n    bigintToBits,\n    bitsToBigInt,\n\n    packOutput, // helper for invoking CombineArray template\n    unpackInput, // helper for invoking UnpackArray template\n} from 'ntru-circom';\n```\n\n## Circom Templates\n\n```circom\ninclude \"ntru-circom/circuits/ntru.circom\";\n```\n\n### `VerifyEncrypt`\n\nVerifies that a ciphertext matches a given plaintext, publickey, and randomness.\n\n### `VerifyDecrypt`\n\nVerifies that a plaintext matches a given ciphertext and privatekey.\n\n### `VerifyInverse`\n\nVerify that the private key is coherent (`f` matches `fp` or `fq`) or that the public key is derived from a specific private key (`h` matches `fq` and `g`).\n\n### `CombineArray`/`UnpackArray`\n\nFor importing or exporting data with fewer signals\n\n## References\n\n* [NTRUEncrypt on Wikipedia](https://en.wikipedia.org/wiki/NTRUEncrypt)\n* [pointedsphere/NTRU_python](https://github.com/pointedsphere/NTRU_python)\n* [Choosing Parameters for NTRUEncrypt](https://jmschanck.info/papers/20150718-ntruparams.pdf)\n* [A Chosen-Ciphertext Attack against NTRU](https://www.iacr.org/archive/crypto2000/18800021/18800021.pdf)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtel%2Fntru-circom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnumtel%2Fntru-circom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtel%2Fntru-circom/lists"}