isis <isis@xxxxxxxxxxxxxx> wrote:

Hi all,

> Nope, it would still not work to fix the timing attack. Although, luckily, we
> already wrote some constant time code for my sorting-network idea, and then,
> with some coffee, Peter made it faster. (Give us something stronger to drink,
> and we'll probably come up with a way to get it even faster.)

Still on coffee and with a size-84 Batcher sort and Yawning's 5q trick I now have an AVX2 implementation of NewHope that is faster than the original and does sampling of the polynomial a in constant time.

Now I'm up for some stronger drinks...

Cheers,

Peter
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev