[Resource Topic] 2016/1157: NewHope without reconciliation

Welcome to the resource topic for 2016/1157

NewHope without reconciliation

Authors: Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe


In this paper we introduce NewHope-Simple, a variant of the NewHope Ring-LWE-based key exchange that is using a straight-forward transformation from Ring-LWE encryption to a passively secure KEM (or key-exchange scheme). The main advantage of NewHopeLP-Simple over NewHope is simplicity. In particular, it avoids the error-reconciliation mechanism originally proposed by Ding. The explanation of his method, combined with other tricks, like unbiasing the key following Peikert’s tweak and using the quantizer D_4 to extract one key bit from multiple coefficients, takes more than three pages in the NewHope-Simple paper. The price for that simplicity is small: one of the exchanged messages increases in size by 6.25\% from 2048 bytes to 2176 bytes. The security of NewHopeLP is the same as the security of NewHope; the performance is very similar.

ePrint: https://eprint.iacr.org/2016/1157

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .