NewHope

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Dscheinder (talk | contribs) at 15:51, 14 November 2019. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography, NewHope is a key-agreement protocol by Erdem Alkim et al. designed to resist quantum computer attacks.[1]

NewHope is based on the Ring learning with errors (RLWE) problem. It is a round-two contestant in the NIST PQC competition,[2] and is used in Google's CECPQ1 experiment as a quantum-secure algorithm (alongside the classical X25519).[3]

Features

  • Binomial Sampling: Sampling from a high-quality discrete Gaussian distribution is important in compact post-quantum lattice-based signature schemes such as Falcon (GPV-style Hash-and-Sign paradigm) and BLISS (GLP-style Fiat-Shamir paradigm), where it prevents signatures from leaking information about the private key, but it is not as essential for key exchange schemes. The authors chose to sample error vectors from a binomial distribution.
  • Error Reconciliation: What distinguishes NewHope from its predecessors is its method for error reconciliation. Previous ring learning with errors key exchange schemes correct errors one coefficient at a time, whereas NewHope corrects errors 2 or 4 coefficients at a time based on high-dimensional geometry. This allows for a lower decryption failure rate and higher security.
  • Base Vector Generation: The authors of NewHope proposed deriving the base "generator" vector (commonly denoted as A or ) from the output of the extendable-output function (XOF) SHAKE-128 in order to prevent "back-doored" values from being used, as may happen with traditional Diffie-Hellman through the Logjam attack.
  • Security Levels: In the early versions of the papers describing NewHope, the authors proposed using a 1024-degree polynomial for the 128-bit "post-quantum" security level, and a 512-degree polynomial as a "toy" instance for a cryptanalysis challenge.[4] In the version submitted to NIST, the 512-degree version is codified to provide the 128-bit "classical" security level.
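
The Binomial Sampling and Base Vector Generation items above, as an added Python sketch that is not part of the article and is not NewHope's reference code: a public seed is expanded with SHAKE-128 into the base polynomial, so a receiver can recompute it instead of trusting a transmitted value, and noise is drawn from a centered binomial distribution. The modulus q = 12289 is NewHope's but is not stated on this page; the binomial parameter k = 16, the 14-bit masking, and the function names are assumptions of this example, which is not bit-compatible with the specification.

```python
import hashlib
import secrets

Q = 12289  # NewHope modulus (not stated on the page)
N = 1024   # degree of the larger parameter set
K = 16     # assumed binomial parameter (value used in the original NewHope paper)


def gen_a(seed, n=N):
    """Expand a public seed into n coefficients in [0, Q) with SHAKE-128.

    Simplified sketch: 16-bit little-endian words are masked to 14 bits and
    rejected if >= Q, which keeps the accepted values uniform.
    """
    out_len = 4 * n  # 2n candidate words; about 75% are accepted
    while True:
        stream = hashlib.shake_128(seed).digest(out_len)
        coeffs = []
        for i in range(0, out_len, 2):
            val = int.from_bytes(stream[i:i + 2], "little") & 0x3FFF
            if val < Q:
                coeffs.append(val)
                if len(coeffs) == n:
                    return coeffs
        out_len *= 2  # XOF output is prefix-stable, so retrying only extends it


def sample_binomial(n=N, k=K):
    """Centered binomial noise: difference of the Hamming weights of two k-bit strings."""
    def weight():
        return bin(secrets.randbits(k)).count("1")
    return [weight() - weight() for _ in range(n)]


def check_a(seed, claimed_a):
    """Recompute a from the seed instead of trusting a transmitted polynomial."""
    return gen_a(seed, len(claimed_a)) == list(claimed_a)


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed
    a = gen_a(seed)
    e = sample_binomial()
    print(a[:4], max(a) < Q, check_a(seed, a))
    print(min(e), max(e), sum(e) / len(e))
```

Because the polynomial is a deterministic function of a short public seed, any value that does not match the recomputation is rejected by `check_a`, which is the property that rules out a hand-picked base vector.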

References

  1. ^ "NewHope".
  2. ^ Computer Security Division, Information Technology Laboratory (3 January 2017). "Round 2 Submissions - Post-Quantum Cryptography - CSRC". Csrc.nist.gov. Retrieved 14 November 2019.
  3. ^ "Experimenting with Post-Quantum Cryptography". security.googleblog.com. 7 July 2016. Retrieved 14 November 2019.
  4. ^ "Post-quantum key exchange - a new hope". eprint.iacr.org. 10 November 2016. Retrieved 14 November 2019.