Class NewHope

NewHope provides post-quantum Ring-LWE-based key exchange between two peers.

One peer generates an "offer message"" by calling offer(), and sends it to the other peer. The other peer accepts the offer and generates "accept message" by calling accept() with the received offer message. It then send the result to the first peer, which calls finish(). After completing these steps, both peers call getSharedKey() to get the established shared key.

This is a reference version, which uses SHAKE-128 and SHA-3-256. You can create a custom version by requiring "lib/custom" and extending CustomNewHope class.

Reference:

Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe: Post-quantum key exchange – a new hope.

https://cryptojedi.org/papers/#newhope

Hierarchy

  • CustomNewHope
    • NewHope

Constructors

constructor

Properties

acceptMessageLength offerMessageLength savedStateLength sharedKeyLength

Methods

accept clean finish getSharedKey offer restoreState saveState

Constructors

constructor

Properties

ReadonlyacceptMessageLength

acceptMessageLength: number = ACCEPT_MESSAGE_LENGTH

Accept message length in bytes

ReadonlyofferMessageLength

offerMessageLength: number = OFFER_MESSAGE_LENGTH

Offer message length in bytes

ReadonlysavedStateLength

savedStateLength: number = SAVED_STATE_LENGTH

Saved state length in bytes *

ReadonlysharedKeyLength

sharedKeyLength: number

Shared key length in bytes *

Methods

accept

  • accept(offerMsg): Uint8Array

  • Checks the offer message and returns an accept message.

    Parameters

    • offerMsg: Uint8Array

    Returns Uint8Array

clean

  • clean(): void

  • Cleans the temporary instance data.

    Returns void

finish

  • finish(acceptMsg): this

  • Checks the accept message and generates shared key, which can be retrieved using getSharedKey().

    Parameters

    • acceptMsg: Uint8Array

    Returns this

getSharedKey

  • getSharedKey(): Uint8Array

  • Returns the agreed shared key.

    • Offering party should call this after finish().
    • Accepting party should call this after accept().

    Returns Uint8Array

offer

  • offer(seed?): Uint8Array

  • Returns an offer message.

    Optional public seed must have PUBLIC_SEED_LENGTH random bytes. If not provided, it's generated using randomBytes.

    Parameters

    • seed: Uint8Array = ...

    Returns Uint8Array

restoreState

  • restoreState(serializedState): this

  • Restores offering party's state.

    Parameters

    • serializedState: Uint8Array

    Returns this

saveState

  • saveState(): Uint8Array

  • Serializes secret offering party state into byte array.

    This function should be called after offer() if the offering party cannot keep KeyAgreement instance in memory. When it receives accept message, it can create a new instance and call restoreState() on it with the serialized state to recover to continue the agreement.

    Returns Uint8Array

Settings

Member Visibility

On This Page

Constructors
Properties
Methods