NTRU support about mbedtls HOT 7 CLOSED

Is there a compelling reason to support NTRU?

from mbedtls.

https://www.securityinnovation.com/uploads/CyaSSL%20and%20NTRU%20Data%20Sheet.pdf

from mbedtls.

Pointing to a marketing sheet from another library is not an argument.. Is there a compelling reason?

from mbedtls.

The main argument is that the NTRU seems to be a much better option than RSA or ECC. Whether it's a compelling reason? Is there a compelling reason to use RSA vs ECC or sha256/512 vs md5/sha1? Different people have different answers.

http://middleware.internet2.edu/idtrust/2009/papers/07-perlner-quantum.pdf
http://www.math.brown.edu/~jpipher/NTRUSign_RSA.pdf

from mbedtls.

The fact that the patent-holders and implementors of NTRU say it is better, is not an argument for us. There is no convincing support to prefer NTRU over RSA/ECC in the cryptography community in general.

The arguments for RSA / ECC are much better acceptance / peer-review world wide than NTRU
The arguments for SHA256/512 vs MD5/SHA1 -> Not-broken and more research vs broken MD5/SHA-1.

The primary reason why we are hesitant to add NTRU is that it is patented / GPL-only: PolarSSL has no 'special features' in either the GPL or commercial version that the other version does not have. We can only use NTRU in the GPL version of the library, not the commercial one, without licensing fees. The patents will expire in 4 years. So then this discussion point is moot.

from mbedtls.

Thank you for the clarification - I understand why the addition of NTRU can be problematic. There is also a commercial license (polarssl). This doesn't change the fact that it will gradually have to look for solutions such as NTRU - new versions of D-Wave will become more dangerous to conventional cryptography. There is also (old) McEliece as alternative to NTRU.
Do I have to close this issue?

from mbedtls.

When D-Wave actually becomes a realistic issue, the crypto community in general will move to other public algorithms..

from mbedtls.