Implement NTRU Prime #25
Description
Estimate: 2 weeks?
Seems like sntrup761x25519 is the default key exchange algorithm in SSH nowadays.
- NTRU Prime is based on problems in structured lattices (specifically, rings with no subfields), aiming to avoid known algebraic attacks that could affect schemes with richer algebraic structure.
- ML-KEM (Kyber) is based on Module-LWE (Learning With Errors over modules), which, while considered secure, does rely on algebraic structures (rings and modules) that have been the target of past attacks (such as those on older NTRU and Ring-LWE-based schemes).
https://ntruprime.cr.yp.to, https://www.ietf.org/archive/id/draft-josefsson-ntruprime-streamlined-00.html