Skip to content

Implementations of NewHope RLWE key exchange as described in the USENIX 2016 paper

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



9 Commits

Repository files navigation


Implementations of the NewHope Ring-LWE-based key exchange as described in the USENIX Security 2016 paper Post-quantum key exchange -- a new hope by Erdem Alkım, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe.

Build instructions

To obtain and build the code, run the following sequence of commands:

 git clone
 cd newhope-usenix/ref && make
 cd ../avx2 && make
 cd ../torref && make
 cd ../toravx2 && make

This will build the binaries

  • ref/test/test_newhope,
  • ref/test/test_statistical,
  • ref/test/testvectors,
  • ref/test/speed,
  • avx2/test/test_newhope,
  • avx2/test/test_statistical,
  • avx2/test/testvectors,
  • avx2/test/speed,
  • torref/test/test_newhope,
  • torref/test/test_statistical,
  • torref/test/testvectors,
  • torref/test/speed,
  • toravx2/test/test_newhope,
  • toravx2/test/test_statistical,
  • toravx2/test/testvectors, and
  • toravx2/test/speed.

The test_newhope binary performs various key exchanges and outputs nothing if they are successful. The test_statistical generates many keys without final hashing and prints statistics on the distribution of ones and zeroes in those keys. The testvectors binary runs many key exchanges with deterministic "random-number" generation to ensure compatibility of independent implemtenations and the speed binary performs benchmarks and prints results.

The torref and toravx2 implementations use a different, constant-time, generation of the polynomial a from a seed as described in the paper. The testvectors generated by those implementations are not compatible with the testvectors generated by ref and avx2.

Aside from the implementations of the key exchange, the software package also contains 5 Python scripts in the scripts subdirectory. For details of those scripts please refer to the in the paper.


All code in this repository is in the public domain. For Keccak, ChaCha, and AES we are using public-domain code from sources and by authors listed in comments on top of the respective files.


Implementations of NewHope RLWE key exchange as described in the USENIX 2016 paper






No releases published


No packages published