Intel® Cryptography Primitives Library
Secure, fast, lightweight building blocks for cryptography-focused programming.
Develop highly performant and secure applications using our open-source software library.
Open Standards and Performance in Security Programming
Develop highly performant, lightweight, and secure applications using our open source software library. Ideal for securing data in storage and in flight.
- Cross-platform API
- Security (constant-time running for secret processing functions)
- Data protection in the post-quantum era
- Federal Information Processing Standards (FIPS) 140 compliance
- Designed for the small footprint size, optimized for Intel® CPUs
- Configurable CPU dispatching
- Kernel mode compatibility
- Thread-safe design
Privacy, security, and safety in many use cases and segments:
- Data security and ID verification
- Privacy and encryption
- Cloud and database security
- Telecommunications
- Banking
- Multimedia
- Autonomous driving
- Smart city
- Industry
- And more
Download binaries from Intel or choose your preferred repository.
Supported Cryptography Routines
The library provides a comprehensive set of routines commonly used for cryptographic operations, including:
Symmetric Cryptography Primitive Functions
- AES (ECB, CBC, CTR, OFB, CFB, XTS, GCM, CCM, SIV)
- SM4 (ECB, CBC, CTR, OFB, CFB, CCM)
- TDES (ECB, CBC, CTR, OFB, CFB)
- RC4
One-Way Hash Primitives
- SHA-1, SHA-224, SHA-256, HSA-384, SHA-512
- MD5
- SM3
Data Authentication Primitive Functions
- HMAC
- AES-CMAC
Public Key Cryptography Functions
- RSA, RSA-OAEP, RSA-PKCS_v15, RSA-PSS
- DLP, DLP-DSA, DLP-DH
- ECC (NIST curves), ECDSA, ECDH, EC-SM2
Arithmetic
- Multibuffer RSA, ECDSA, ECDH, x25519, SM2, SM3, SM4, and more
- Finite field arithmetic functions
- Big number integer arithmetic functions
- PRNG/TRNG and prime numbers generation
FIPS 140 and Post-Quantum
- FIPS 140 Compliance
- Post-quantum XMSS, LMS
For the full list, see the system requirements.
Built-In Optimizations
Stay at the forefront of cryptographic performance with built-in optimizations.
Intel Cryptography Primitives Library offers XMSS and LMS, which are stateful hash-based PQC signatures. While XMSS uses larger keys and signatures, it is a great option for long-term security applications. On the other hand, LMS has a smaller footprint with smaller keys and strikes a great balance between efficiency and security.
Post-Quantum Cryptography
This field of cryptography focuses on developing cryptographic algorithms that are resistant to attacks from quantum computers. These algorithms are based on mathematical problems that are thought to be difficult to solve, even for quantum computers. Some types of post-quantum cryptographic algorithms include lattice-based cryptography, hash-based, code-based, and multivariate.
National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization:
- Post-Quantum Cryptography (PQC)
- NIST Releases First Three Finalized Post-Quantum Encryption Standards
Post-Quantum Encryption Support:
Federal Information Processing Standards (FIPS) Compliant APIs
The Intel Cryptography Primitives Library provides FIPS-mode API building blocks (such as self-tests an FIPS-approved functionality status query), which can help the end users to fulfill FIPS Level 1 requirements.
Intel Cryptography Primitives Library releases have Cryptographic Algorithm Validation Program (CAVP) testing and certification done but do not have a full Cryptographic Module Validation Program certificate since the context of using its algorithms depends on the higher-level, end-user application.
NIST Documentation
- FIPS 140: Provides the standard ensuring the security of cryptographic modules. See FIPS General Information.
- FIPS 140-2*: Minimum security requirements for cryptographic modules in information technology products. See Information Technology Management Reform Act of 1996.
- FIPS 140-3: Aligns with ISO/IEC 19790:2012. It regulates vendor evidence and testing for validation authority.
FIPS Cryptography API Flowchart
- Intel Cryptography Primitives Library uses special structures (Spec and States) to store context information and provides service functions to work with context (for example, initialization).
- Cryptographic Algorithms API (both FIPS compliant and not FIPS compliant).
- FIPS self-tests the API and service to query if the algorithm is FIPS compliant.
- Version information, dispatcher control.
- Chooses the optimal code path depending on hardware features and application settings (through the Dispatcher control API).
- The algorithms may have multiple code branches for different hardware architectures, and different compilation flags may be used to achieve better performance.
Benchmarks
These benchmarks illustrate the performance capabilities of the Intel Cryptography Primitives Library.
Security and Privacy for All Aspects of Business and Daily Life
Security and privacy are important in the physical and digital worlds. The Intel Cryptography Primitives Library handles both with high reliability.
Privacy is the right to control how your information is viewed and used, while security is protection against threats or danger.
Security generally refers to the unauthorized access of data, often involving protection against hackers or cybercriminals. It includes protecting your data from malicious attacks and the exploitation of stolen data.
All cryptography algorithms included in this library undergo rigorous testing and cryptography internal standards compliance reviews before being published.
Intel Cryptography Primitives Library makes it accessible and scalable to meet security and privacy goals of modern cybersecurity.
What's New in 2025
- SM4 and SHA-512 hash algorithms optimized for Intel® Core™ Ultra 200V processors and Intel Core Ultra 200S processors.
- Advanced AES-GCM performance on Intel® Xeon® 6 processors and Intel® Core™ Ultra mobile processor and desktop processors.
- New HMAC-based key derivation function (HKDF) algorithms for short and strong secret keys to protect data and secure communication.
- New XMSS key and signature generation and enhanced SHA3 algorithms to protect data against classic and quantum computing threats.
- Optimized LMS PQC algorithm.
Get Help
Intel Support
Your success is our success. Access these support resources when you need assistance.
Intel Cryptography Primitives Library issues (GitHub)
Priority Support from Intel (available to customers who purchased a support plan)
How to Contribute
We welcome community contributions to the Intel Cryptography Primitives Library.
If you have an idea of how to improve the product:
- Review the contribution rules.
- Send your proposal directly using a pull request.
Also Available: Intel® Multi-Buffer Crypto for IPSec
Separately available, this library provides software crypto acceleration. The library is designed primarily for packet processing applications.
This library is used as a software crypto provider in DPDK*, Intel® QuickAssist Technology Engine for OpenSSL*, and FD.io*.
It's ideal for applications such as:
- IPSec
- Transport Layer Security (TLS)
- Wireless (RAN)
- Cable
- MPEG DRM