On Sun, 3 Jan 2016 04:16:17 -0500 grarpamp <grarpamp@xxxxxxxxx> wrote: > http://safecurves.cr.yp.to/ > > Just another link. None of those algorithms will hold up to a quantum computer, and apart from for TLS (where we use the NIST curves) we already use "safe" Curve/Ed25519. So I don't know why you're bringing it up. This is discussion regarding how to prevent a total disaster in the event of a Curve25519 break. nb: Migrating to X448 would possibly hold up longer than Curve25519 would since it requires a bigger quantum computer. But performance isn't that great without using vectorization. > > Additionally, without AVX2, signing is glacially slow, clocking in > > at ~200 ms on an Haswell i5. The same hardware does our existing > > ntor handshake in ~230 usec. > > Haswell i5 seems to have AVX2, as do all Haswell's, > perhaps you refer to Ivy Bridge i5's which do not... Or, perhaps I meant exactly what I said, because the implementation I happened to benchmark (which I coincidentally, happened to write) does not use AVX2 (it doesn't, since it was written to be portable) and I wanted non-vectorized performance numbers (I did). I know the algorithm is faster when vectorized but that does little good for what I suspect are a substantial fraction of the relays. -- Yawning Angel
Attachment:
pgpoE_Ih2JoTe.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev