> I'd imagine everyone in this thread knows this, but New Hope requires
> that "both parties use fresh secrets for each instantiation".

NTRUEncrypt, which has also been proposed for this, can be used with ephemeral or long-lived keys safely.

Cheers,

William