Skip To Main Content
Intel logo - Return to the home page
My Tools

Select Your Language

  • Bahasa Indonesia
  • Deutsch
  • English
  • Español
  • Français
  • Português
  • Tiếng Việt
  • ไทย
  • 한국어
  • 日本語
  • 简体中文
  • 繁體中文
Sign In to access restricted content

Using Intel.com Search

You can easily search the entire Intel.com site in several ways.

  • Brand Name: Core i9
  • Document Number: 123456
  • Code Name: Emerald Rapids
  • Special Operators: “Ice Lake”, Ice AND Lake, Ice OR Lake, Ice*

Quick Links

You can also try the quick links below to see results for most popular searches.

  • Product Information
  • Support
  • Drivers & Software

Recent Searches

Sign In to access restricted content

Advanced Search

Only search in

Sign in to access restricted content.

The browser version you are using is not recommended for this site.
Please consider upgrading to the latest version of your browser by clicking one of the following links.

  • Safari
  • Chrome
  • Edge
  • Firefox

Intel® Cryptography Primitives Library

Secure, fast, lightweight building blocks for cryptography-focused programming.


Develop highly performant and secure applications using our open-source software library.


  • Overview
  • Download
  • Documentation & Resources

Open Standards and Performance in Security Programming

Develop highly performant, lightweight, and secure applications using our open source software library. Ideal for securing data in storage and in flight.

  • Cross-platform API 
  • Security (constant-time running for secret processing functions)
  • Data protection in the post-quantum era
  • Federal Information Processing Standards (FIPS) 140 compliance
  • Designed for the small footprint size, optimized for Intel® CPUs
  • Configurable CPU dispatching 
  • Kernel mode compatibility
  • Thread-safe design

Privacy, security, and safety in many use cases and segments:

  • Data security and ID verification
  • Privacy and encryption
  • Cloud and database security
  • Telecommunications
  • Banking
  • Multimedia
  • Autonomous driving
  • Smart city
  • Industry
  • And more

Download binaries from Intel or choose your preferred repository.

Download Stand-Alone Version
Download as Part of the Intel® oneAPI Base Toolkit

 

Open Source

GitHub

Supported Cryptography Routines

 

The library provides a comprehensive set of routines commonly used for cryptographic operations, including:

Symmetric Cryptography Primitive Functions

  • AES (ECB, CBC, CTR, OFB, CFB, XTS, GCM, CCM, SIV)
  • SM4 (ECB, CBC, CTR, OFB, CFB, CCM)
  • TDES (ECB, CBC, CTR, OFB, CFB)
  • RC4

One-Way Hash Primitives

  • SHA-1, SHA-224, SHA-256, HSA-384, SHA-512
  • MD5
  • SM3 

Data Authentication Primitive Functions

  • HMAC
  • AES-CMAC

Public Key Cryptography Functions

  • RSA, RSA-OAEP, RSA-PKCS_v15, RSA-PSS
  • DLP, DLP-DSA, DLP-DH
  • ECC (NIST curves), ECDSA, ECDH, EC-SM2

Arithmetic

  • Multibuffer RSA, ECDSA, ECDH, x25519, SM2, SM3, SM4, and more
  • Finite field arithmetic functions
  • Big number integer arithmetic functions
  • PRNG/TRNG and prime numbers generation

FIPS 140 and Post-Quantum

  • FIPS 140 Compliance
  • Post-quantum XMSS, LMS

For the full list, see the system requirements.

Built-In Optimizations

Stay at the forefront of cryptographic performance with built-in optimizations.

  • Hardware cryptography instructions (AES-NI, SHA extensions) 
  • Multibuffer processing 
  • Algorithmic optimizations:
    • Karatsuba multiplication algorithm
    • Montgomery modular multiplication scheme
    • Precomputed value tables of values
    • Folding approach for multiply-reduce routines

 

Intel Cryptography Primitives Library offers XMSS and LMS, which are stateful hash-based PQC signatures. While XMSS uses larger keys and signatures, it is a great option for long-term security applications. On the other hand, LMS has a smaller footprint with smaller keys and strikes a great balance between efficiency and security.

Post-Quantum Cryptography

 

This field of cryptography focuses on developing cryptographic algorithms that are resistant to attacks from quantum computers. These algorithms are based on mathematical problems that are thought to be difficult to solve, even for quantum computers. Some types of post-quantum cryptographic algorithms include lattice-based cryptography, hash-based, code-based, and multivariate.

 

National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization:

  • Post-Quantum Cryptography (PQC)
  • NIST Releases First Three Finalized Post-Quantum Encryption Standards

Post-Quantum Encryption Support:

  • Post-Quantum Algorithms in Intel® Cryptography Primitives Library
  • eXtended Merkle Signature Scheme (XMSS)
  • Hash-Based Leighton-Micali Signatures (LMS)
  • Example Code

Federal Information Processing Standards (FIPS) Compliant APIs

​The Intel Cryptography Primitives Library provides FIPS-mode API building blocks (such as self-tests an FIPS-approved functionality status query), which can help the end users to fulfill FIPS Level 1 requirements. ​

Intel Cryptography Primitives Library releases have Cryptographic Algorithm Validation Program (CAVP) testing and certification done but do not have a full Cryptographic Module Validation Program certificate since the context of using its algorithms depends on the higher-level, end-user application.

 

​NIST Documentation

  • FIPS 140: Provides the standard ensuring the security of cryptographic modules. See FIPS General Information. 
  • FIPS 140-2*: Minimum security requirements for cryptographic modules in information technology products. See Information Technology Management Reform Act of 1996.
  • FIPS 140-3: Aligns with ISO/IEC 19790:2012. It regulates vendor evidence and testing for validation authority.​ 
FIPS Structure

FIPS Cryptography API Flowchart

  1. Intel Cryptography Primitives Library uses special structures (Spec and States) to store context information and provides service functions to work with context (for example, initialization).
  2. Cryptographic Algorithms API (both FIPS compliant and not FIPS compliant).
  3. FIPS self-tests the API and service to query if the algorithm is FIPS compliant.
  4. Version information, dispatcher control.
  5. Chooses the optimal code path depending on hardware features and application settings (through the Dispatcher control API).
  6. The algorithms may have multiple code branches for different hardware architectures, and different compilation flags may be used to achieve better performance.

Benchmarks

These benchmarks illustrate the performance capabilities of the Intel Cryptography Primitives Library.

Security and Privacy for All Aspects of Business and Daily Life

Security and privacy are important in the physical and digital worlds. The Intel Cryptography Primitives Library handles both with high reliability.

Privacy is the right to control how your information is viewed and used, while security is protection against threats or danger.

Security generally refers to the unauthorized access of data, often involving protection against hackers or cybercriminals. It includes protecting your data from malicious attacks and the exploitation of stolen data.

All cryptography algorithms included in this library undergo rigorous testing and cryptography internal standards compliance reviews before being published.

Intel Cryptography Primitives Library makes it accessible and scalable to meet security and privacy goals of modern cybersecurity.

Intel Security Principles

What's New in 2025

  • SM4 and SHA-512 hash algorithms optimized for Intel® Core™ Ultra 200V processors and Intel Core Ultra 200S processors. 
  • Advanced AES-GCM performance on Intel® Xeon® 6 processors and Intel® Core™ Ultra mobile processor and desktop processors.
  • New HMAC-based key derivation function (HKDF) algorithms for short and strong secret keys to protect data and secure communication.
  • New XMSS key and signature generation and enhanced SHA3 algorithms to protect data against classic and quantum computing threats.
  • Optimized LMS PQC algorithm.

Get Help

Intel Support

Your success is our success. Access these support resources when you need assistance.

Intel Cryptography Primitives Library issues (GitHub)

Priority Support from Intel (available to customers who purchased a support plan)

How to Contribute

We welcome community contributions to the Intel Cryptography Primitives Library.

If you have an idea of how to improve the product:

  • Review the contribution rules.
  • Send your proposal directly using a pull request.
     

Join the Community

Also Available: Intel® Multi-Buffer Crypto for IPSec

Separately available, this library provides software crypto acceleration. The library is designed primarily for packet processing applications.

This library is used as a software crypto provider in DPDK*, Intel® QuickAssist Technology Engine for OpenSSL*, and FD.io*.

It's ideal for applications such as:

  • IPSec
  • Transport Layer Security (TLS)
  • Wireless (RAN)
  • Cable
  • MPEG DRM

Download on GitHub

 

  • Company Overview
  • Contact Intel
  • Newsroom
  • Investors
  • Careers
  • Corporate Responsibility
  • Inclusion
  • Public Policy
  • © Intel Corporation
  • Terms of Use
  • *Trademarks
  • Cookies
  • Privacy
  • Supply Chain Transparency
  • Site Map
  • Recycling
  • Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
  • Notice at Collection

Intel technologies may require enabled hardware, software or service activation. // No product or component can be absolutely secure. // Your costs and results may vary. // Performance varies by use, configuration, and other factors. Learn more at intel.com/performanceindex. // See our complete legal Notices and Disclaimers. // Intel is committed to respecting human rights and avoiding causing or contributing to adverse impacts on human rights. See Intel’s Global Human Rights Principles. Intel’s products and software are intended only to be used in applications that do not cause or contribute to adverse impacts on human rights.

Intel Footer Logo