The well-known paper described a key exchange (KE) scheme named "NewHope" on USENIX 2016. The authors then proposed "NewHope-Simple" - a PKE/KEM scheme. They also submitted "NewHope for NIST" - variation of "NewHope-Simple" to the NIST PQC competition. Can anyone summarize:
Differences between "NewHope" and "NewHope-Simple" (Focus on the rationale, not only compare KE with KEM).
Differences between "NewHope for NIST" and "NewHope-Simple".
