Software Optimizations of NTRUEncrypt for Modern Processor Architectures

This paper describes software optimizations for the post-quantum public-key encryption scheme NTRUEncrypt. We build upon the, to the best of our knowledge, fastest open-source NTRUEncrypt library and optimize it by taking advantage of AVX2 and AVX512 SIMD instructions as well as the AES-NI built-in encryption functions. We show that, on modern processors, using AVX2 yields performance gains of 23% for encryption and 37% for the decryption operation. For the future AVX512 we use a publicly available emulator, since no supporting processor is on the market yet, and report that for the decryption only about half of the instructions compared to the current code are needed to be executed. Furthermore, we propose replacing the SHA hash functions by pipelined AES-NI for faster randomness generation. With both optimizations enabled, we achieve performance improvements of 1.82x for encryption and 1.74x for decryption with a parameter set that provides 256 bits of security.