[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [prop269] [prop270] Ideas from Tor Meeting Discussion on Post-Quantum Crypto

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] [prop269] [prop270] Ideas from Tor Meeting Discussion on Post-Quantum Crypto
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Mon, 3 Apr 2017 09:06:24 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 03 Apr 2017 09:06:50 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=H+D/deY9tFOydgX1FX6++PbuDsHFHGSvDFNa720k4bw=; b=dSuXTiwoQjCJHV84qr9y4ZO2HU7w3LN/eItWOGmwoBwkxJnrmh2A6pfc7DVnNHf2Dd +koLQqbGX9nxT0rFuC1YY4M9QBW8pD0NkDhdZQ+MhqFXj2ecDobGjUxvQfRQbemCinTQ REsgfJRoG+PCjnHr59vfVc9HB/WTYBgOAD4lWO6gAjcThnwszUXKtukhv8G5EiclCCBy oMBf/ZfoNNeRW7gs+kBoXRlQhBhVWyV3+pLFgIYtLRukhbz0fRw8nzI1YHYxh6XePpE/ 8A7SyBVY2fO/OQy29BMGmlUsdUMsLYFDHCP65zUwSKCvPtLxak9SyM++aLrioxGt1xs1 1/nQ==
In-reply-to: <20170401022047.GM5423@patternsinthevoid.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20170401022047.GM5423@patternsinthevoid.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Mar 31, 2017 at 10:20 PM, isis agora lovecruft
<isis@xxxxxxxxxxxxxx> wrote:
> Hey hey,
>
> In summary of the breakaway group we had last Saturday on post-quantum
> cryptography in Tor, there were a few potentially good ideas I wrote down,
> just in case they didn't make it into the meeting notes:
>
>  * A client should be able to configure "I require my entire circuit to have
>    PQ handshakes" and "I require at least one handshake in my circuits to be
>    PQ".  (Previously, we had only considered having consensus parameters, in
>    order to turn the feature on e.g. once 20% of relays supported the new
>    handshake method.)

+1 on having something like this happen in some way, -0 on having
client configuration be the recommended way for any purpose other than
testing (Having clients behave differently is best avoided.)

Our usual approach for this kind of thing a consensus parameter that
can be overridden with a local option.


>  * Using stateful hash-based signatures to sign descriptors and/or consensus
>    documents, and (later) if state has been lost or compromised, then request
>    the last such document submitted to regain state (probably skipping over
>    all the leaves of the last used node in the tree, or the equivalent, to be
>    safe).  (This requires more concrete design analysis, including the effects
>    of the large size of hash-based signatures on the directory bandwidth
>    usage, probably in a proposal or longer write up, should someone awesome
>    decides to research this idea further. :)

Interesting!  I'd hope we do this as a separate proposal.

Also my hope is that in our timeline, we prioritize PQ encryption over
authentication, since PQ encryption provides us forward secrecy
against future quantum computers, whereas PQ authentication is only
useful once a sufficient quantum computer exists.

(That's no reason not to think about PQ authentication, but with any
luck, we can wait a few years for the PQ crypto world to invent some
even better algorithms.)

peace,
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] [prop269] [prop270] Ideas from Tor Meeting Discussion on Post-Quantum Crypto
  - From: isis agora lovecruft

Prev by Author: Re: [tor-dev] Tor in a safer language: Network team update from Amsterdam
Next by Author: Re: [tor-dev] GSoC: Questions on allowing for more DNS request types
Previous by thread: Re: [tor-dev] Comments on proposal 279 (Name API)
Next by thread: Re: [tor-dev] [prop269] [prop270] Ideas from Tor Meeting Discussion on Post-Quantum Crypto
Index(es):
- Author
- Thread