<div dir="ltr"><div><div><div><div><div>Hi all, <br><br></div>If I understand it properly, in the proposal the client needs to send the whole <br></div>matrix A during the first initiation message. I draw this conclusion from the<br></div><div>datagram:<br></div><div><br><pre><code><pre> | a, A         := NEWHOPE_KEYGEN(SEED)                                                 |
 | CLIENT_HDATA := ID || Z || X || A                                                    |
 |                                                                                      |
 |               --- CLIENT_HDATA --->  </pre></code></pre><br><br></div>May I ask why? Is it because the keypair generation is modularized, and<br>hence a and A are connected from a protocol point of view? However, in the<br></div>original construction of NewHope, or other R-LWE based schemes, a and A<br></div><div>are sampled independently; giving out the seed of A will not leak information<br></div><div>on a. So how about the following:<br><br><pre><code><pre> | A            := NEWHOPE_PK_KEYGEN(SEED1)                                             |<br> | a            := NEWHOPE_SK_KEYGEN(SEED2)                                             |<br> | CLIENT_HDATA := ID || Z || X || SEED1                                                |
 |                                                                                      |
 |               --- CLIENT_HDATA --->  </pre></code></pre><br><br></div><div>This will save significant data for the first transmission: over 1 KB of A <br></div><div>compared to 32 bits of SEED1. The server will be able to recover A from<br></div><div>NEWHOPE_PK_KEYGEN which will be a public function.<br></div><div><div><div><div><br><br></div><div>Cheers,<br></div><div>Zhenfei<br></div><div><br></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 9, 2016 at 12:07 PM, isis <span dir="ltr"><<a href="mailto:isis@torproject.org" target="_blank">isis@torproject.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="mailto:eikovi@sigaint.org">eikovi@sigaint.org</a> transcribed 0.6K bytes:<br>
<span class="">> isis wrote:<br>
> > <a href="mailto:eikovi@sigaint.org">eikovi@sigaint.org</a> transcribed 1.1K bytes:<br>
> >> Typos:<br>
> ><br>
> > Thanks!  Fixed:<br>
> ><br>
> > <a href="https://gitweb.torproject.org/user/isis/torspec.git/commit/?h=draft/newhope&id=5c115905" rel="noreferrer" target="_blank">https://gitweb.torproject.org/user/isis/torspec.git/commit/?h=draft/newhope&id=5c115905</a><br>
><br>
> You skipped 2:<br>
><br>
> -  public keys already being in included within the "ntor-onion-key" entry.<br>
> +  public keys already being included within the "ntor-onion-key" entry.<br>
><br>
> -  [0]; a pseudocode description of a very naive inplace transformation of an<br>
> +  [0]; a pseudocode description of a very naive in-place transformation of an<br>
<br>
</span>Oops!  Thanks again.  Peter fixed those in this commit:<br>
<a href="https://gitweb.torproject.org/user/isis/torspec.git/commit/?h=draft/newhope&id=28181cc7" rel="noreferrer" target="_blank">https://gitweb.torproject.org/user/isis/torspec.git/commit/?h=draft/newhope&id=28181cc7</a><br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
 ♥Ⓐ isis agora lovecruft<br>
_________________________________________________________<br>
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35<br>
Current Keys: <a href="https://fyb.patternsinthevoid.net/isis.txt" rel="noreferrer" target="_blank">https://fyb.patternsinthevoid.net/isis.txt</a><br>
</div></div><br>_______________________________________________<br>
tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>
<br></blockquote></div><br></div>
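The seed-based variant suggested in the message above, as an added example that is not part of the original thread or of the Tor proposal: both sides expand SEED1 through the same public function, and the two wire sizes are compared. Assumptions: `newhope_pk_keygen` and `pack14` are hypothetical helpers, A is modelled as one polynomial of 1024 coefficients mod 12289, the expansion uses SHAKE-128 with rejection sampling, and the 32-byte seed is a constructed sample value.

```python
import hashlib

N, Q = 1024, 12289        # NewHope ring dimension and modulus (Q fits in 14 bits)

def newhope_pk_keygen(seed1: bytes) -> list:
    """Hypothetical stand-in for NEWHOPE_PK_KEYGEN: a public, deterministic
    expansion of SEED1 into N coefficients uniform in [0, Q)."""
    out_len = 4 * N                     # 2048 candidates; about 75% are accepted
    while True:
        stream = hashlib.shake_128(seed1).digest(out_len)
        coeffs = []
        for i in range(0, out_len, 2):
            val = int.from_bytes(stream[i:i + 2], "little") & 0x3FFF
            if val < Q:                 # rejection sampling avoids modulo bias
                coeffs.append(val)
        if len(coeffs) >= N:
            return coeffs[:N]
        out_len *= 2                    # longer SHAKE output extends the same stream

def pack14(coeffs) -> bytes:
    """Serialize coefficients at 14 bits each, the size A would take on the wire."""
    acc = 0
    for i, c in enumerate(coeffs):
        acc |= c << (14 * i)
    return acc.to_bytes((14 * len(coeffs) + 7) // 8, "little")

def handshake_sizes(seed1: bytes):
    """Return (bytes if A is sent, bytes if SEED1 is sent, server recovered A?)."""
    client_A = newhope_pk_keygen(seed1)          # client side
    server_A = newhope_pk_keygen(seed1)          # server side, from SEED1 alone
    return len(pack14(client_A)), len(seed1), server_A == client_A

SEED1 = bytes(range(32))   # constructed sample; real seeds come from a CSPRNG
                           # and must be independent of the secret-key seed SEED2

if __name__ == "__main__":
    print(handshake_sizes(SEED1))
```

The saving only holds if the expansion is fully specified (hash, byte order, rejection rule), since any divergence between implementations gives client and server different values of A and the handshake fails.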