<html><head></head><body>How would u add quantum-safe<br>
crypto? I havent seen anyone puttin a pub lib that anyone can import<br><br><div class="gmail_quote">tor-dev-request@lists.torproject.org skrev: (2 januari 2016 13:00:02 CET)<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Send tor-dev mailing list submissions to<br /> tor-dev@lists.torproject.org<br /><br />To subscribe or unsubscribe via the World Wide Web, visit<br /> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br />or, via email, send a message with subject or body 'help' to<br /> tor-dev-request@lists.torproject.org<br /><br />You can reach the person managing the list at<br /> tor-dev-owner@lists.torproject.org<br /><br />When replying, please edit your Subject line so it is more specific<br />than "Re: Contents of tor-dev digest..."<br /><br /><br />Today's Topics:<br /><br /> 1. Re: Quantum-safe Hybrid handshake for Tor (Ryan Carboni)<br /> 2. Re: Quantum-safe Hybrid handshake for Tor (Yawning Angel)<br /><br /><br /><hr /><br /><br />Message: 1<br />Date: Fri, 1 Jan 2016 19:33:31 -0800<br />From: Ryan Carboni <ryacko@gmail.com><br />To: tor-dev@lists.torproject.org<br
/>Subject: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor<br />Message-ID:<br /> <CAO7N=i2MspE1N5eOczCyT9RCPORgUJboSOY3vUMGKL5FSzAPnw@mail.gmail.com><br />Content-Type: text/plain; charset="utf-8"<br /><br />The first step should be replacing the long-term keys with quantum-safe<br />crypto.<br />-------------- next part --------------<br />An HTML attachment was scrubbed...<br />URL: <<a href="http://lists.torproject.org/pipermail/tor-dev/attachments/20160101/14b4bd21/attachment-0001.html">http://lists.torproject.org/pipermail/tor-dev/attachments/20160101/14b4bd21/attachment-0001.html</a>><br /><br /><hr /><br /><br />Message: 2<br />Date: Sat, 2 Jan 2016 04:19:28 +0000<br />From: Yawning Angel <yawning@schwanenlied.me><br />To: tor-dev@lists.torproject.org<br />Subject: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor<br />Message-ID: <20160102041928.15e0cbc3@schwanenlied.me><br />Content-Type: text/plain; charset="us-ascii"<br /><br />On Fri, 1 Jan
2016 19:33:31 -0800<br />Ryan Carboni <ryacko@gmail.com> wrote:<br /><br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> The first step should be replacing the long-term keys with<br /> quantum-safe crypto.<br /></blockquote><br />Wrong.<br /><br />There are NO usable PQ signature primitives that are suitable for<br />deployment. Adding 1408+ bytes to every single microdescriptor is<br />not a realistic proposition. Signing is also quite expensive unless you<br />have AVX2, and will decimate circuit build performance.<br /><br />Protecting against Quantum Computer equipped active Man-In-The-Middle<br />attacks is the least important thing to do in terms of user safety.<br /><br />By modifying the link handshake to incorporate a PQ key exchange<br />algorithm with ephemeral keys as in the proposal, user data being<br />generated right now will be protected from bulk decryption later, in<br />the event of
a Curve25519 break (probably by a large enough Quantum<br />Computer), which is a far more realistic threat to be concerned about.<br /></pre></blockquote></div><br>
-- <br>
Sincerly Flipchan</body></html>