[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Quantum-safe Hybrid handshake for Tor



I'd imagine everyone in this thread knows this, but New Hope requires
that "both parties use fresh secrets for each instantiation".  

I suppose any key exchanges designed around this meshes well enough with
ntor, so that's okay.  It leaves you relying on ECDH for the key
exchange with long term key material though. 

I have not read the papers on doing Ring-LWE key exchanges with long
term key material, but presumably they increase the key side. 


On Wed, 2016-04-20 at 19:00 +0000, Yawning Angel wrote:
> And my gut feeling is RingLWE will have performant, well defined
> implementations well before SIDH is a realistic option.

This is undoubtedly true because too few people are looking into SIDH. 

I've been chatting with Luca about writing a "more production ready"
implementation, like optimizing the GF(p^2) field operations and things.
If that happens, maybe it'll spur more interest. 

There is some chance SIDH might wind up being preferable for key
exchanges with long term key material. 

Jeff


Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev