[PATCH] Add NTRUEncrypt public key encryption algorithm

Werner Koch wk at gnupg.org
Wed Sep 9 10:39:06 CEST 2015

On Tue,  8 Sep 2015 20:45, zzhang at securityinnovation.com said:

> Can I please ask what is the right approach to get this patch included in a
> release?

One question is whether we want to include this algorithm.  I see
several reasons not to do this:

 - Post quantum crypto is quite young and as of now mostly an academic
   exercise.  However, inclusion in a general purpose crypto library
   might be worth for algorithms which are likely going to be used in
   some future.  I can't decide on this and would for example ask Tanja
   Lange for her opinion on NTRU.

 - The code implementing the algorithm is under the GPL and thus can't
   be used by Libgcrypt because that would change Libgcrypt from LGPLv2+
   to GPLv2+ which we do not want.

 - The patent exception for that algorithm may work for GPL code but
   needs a closer look by a lawyer.  But GPL excludes its use anyway.

Another question is whether this implementation is techincal okay to be

> +  libntruencrypt 1.0.0

A dependency on an external library implementing the agorithm is not
going to work.  We want the algorithm implementation in Libgcrypt proper.

> --- a/autogen.sh
> +++ b/autogen.sh
> @@ -277,7 +277,7 @@ if [ "$myhost" = "amd64" ]; then
>          fi
>      fi
> -    $tsdir/configure --enable-maintainer-mode ${SILENT} \
> +    $tsdir/configure --enable-maintainer-mode --enable-ntru ${SILENT} \

Extra options need to go into autogen.rc.  In any case only options
required to build on a specific platform should be added to autogen.rc. 

> diff --git a/cipher/base64.c b/cipher/base64.c

> + *  This program is free software; you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by

You can't put GPL code into Libgcrypt which is under the LGPL.

> +int base64_encode( unsigned char *dst, size_t *dlen,
> +                   const unsigned char *src, size_t slen )

GNU coding standard please.

> +	GCRY_PK_USAGE_ENCR,         //  int use;

No C++ comments please.

> +{
> +    fprintf (stderr,"NTRU compute keygrip function not required/implemented\n");

Libgcrypt has its own log functions - do not use printf.

> +    uint8_t                     *public_key;                            /* sized for EES401EP2 */
> +    uint16_t                    public_key_len;

Do not use these C99 types - we stick to C90.  Use unsigned char or byte
instead of uint8_t and our u16 type instead of uint16_t.

> +    pers_str    = (uint8_t*)_gcry_random_bytes (32, GCRY_WEAK_RANDOM);

There is no need to case a void * - we are not doing C++.

> +    public_key  = (uint8_t *) malloc (_MAX_NTRU_BUF_SIZE_);
> +    private_key = (uint8_t *) malloc (_MAX_NTRU_BUF_SIZE_);
> +
> +    memset(public_key, 0, _MAX_NTRU_BUF_SIZE_);
> +    memset(private_key, 0, _MAX_NTRU_BUF_SIZE_);

Ditto.  You also missed to check for errors.




Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list