Quantum-Safe Key Exchange - Example

In this example we shall demonstrate the how to use the **NewHope key exchange** protocol, which is a quantum-safe **lattice-based** key-exchange algorithm, designed to provide at least **128-bit post-quantum security level**. The underlying math is based on the Ring-Learning-with-Errors (**Ring-LWE**) problem and operates in a ring of **integer polynomials** by certain modulo. The key-exchange operates like this:

- 1.Alice generates a random
**private key**and corresponding**public message**(public key) and sends the message to Bob. The**public message**consists of 1024 polynomial coefficients (integers in the range [0...61443]) + random seed (32 bytes). - 2.Bob takes the
**message from Alice**(polynomial + seed) and calculates from it the**shared secret key**between Alice and Bob. Bob also generates internally a**private key**and uses it to calculate and sends a**public message**to Alice. This public message consists of**2 polynomials**, each represented by 1024 integer coefficients. - 3.Alice takes the
**message from Bob**(the 2 polynomials) and calculates from it the**shared secret key**between Alice and Bob (using her private key). The calculated**shared key**consists of 32 bytes (256 bits), perfect for symmetric key encryption.

To illustrate the **NewHope key exchange** algorithm, we shall use the

`PyNewHope`

package from the Python's official PyPI repository (which is designed for educational purposes and is not certified for production use):1

pip install pynewhope

Copied!

The code to demonstrate the quantum-safe key-exchange "NewHope" is simple:

1

from pynewhope import newhope

2

â€‹

3

# Step 1: Alice generates random keys and her public msg to Bob

4

alicePrivKey, aliceMsg = newhope.keygen()

5

print("Alice sends to Bob her public message:", aliceMsg)

6

â€‹

7

# Step 2: Bob receives the msg from Alice and responds to Alice with a msg

8

bobSharedKey, bobMsg = newhope.sharedB(aliceMsg)

9

print("\nBob's sends to Alice his public message:", bobMsg)

10

print("\nBob's shared key:", bobSharedKey)

11

â€‹

12

# Step 3: Alice receives the msg from Bob and generates her shared secret

13

aliceSharedKey = newhope.sharedA(bobMsg, alicePrivKey)

14

print("\nAlice's shared key:", aliceSharedKey)

15

â€‹

16

if aliceSharedKey == bobSharedKey:

17

print("\nSuccessful key exchange! Keys match.")

18

else:

19

print("\nError! Keys do not match.")

Copied!

Alice generates a **private key** + **public message** and sends her public message to Bob, then Bob calculates his copy of the **shared secret key** from Alice's message and generates a **public message** for Alice, and finally Alice calculates her copy of the **shared secret key** from her private key together with Bob's message.

The **output** from the above code looks like this (the 1024 polynomial coefficients are given in abbreviated form):

1

Alice sends to Bob her public message: ([12663, 7323, 8979, 7763, 11139, 5460, 7337, 12182, ..., 8214, 10808, 8987], b'*[\x98t\xae\xe9\xc5H\xfc\xc2\x9b$\xd6\xaa[8k\xc1\x8d\xad\x1d\x01\x87i\xed\x03\x06\xe1k2\xa7N')

2

â€‹

3

Bob's sends to Alice his public message: ([2, 1, 1, 2, 0, 1, 1, 1, 1, 3, 3, 2, 1, 1, 3, 0, ..., 0, 0, 3], [7045, 4326, 6186, 8298, 12738, ..., 7730, 10577, 8046])

4

â€‹

5

Bob's shared key: [228, 159, 146, 8, 56, 146, 50, 7, 59, 87, 113, 57, 151, 137, 240, 139, 215, 33, 71, 188, 108, 239, 231, 252, 230, 77, 181, 178, 176, 7, 219, 217]

6

â€‹

7

Alice's shared key: [228, 159, 146, 8, 56, 146, 50, 7, 59, 87, 113, 57, 151, 137, 240, 139, 215, 33, 71, 188, 108, 239, 231, 252, 230, 77, 181, 178, 176, 7, 219, 217]

8

â€‹

9

Successful key exchange! Keys match.

Copied!

It is visible that the calculated **secret shared key** is the same 32-byte sequence for Alice and Bob and thus the key exchange algorithm works correctly. The above demonstrated **HewHope** key exchange algorithm works quite **fast** and provides a **128 bits of post-quantum security**.

Copy link