Not sure if this has been noted before on this thread, but the BoringSSL team is working on something very similar:

https://boringssl-review.googlesource.com/#/c/7962/


On Thu, May 19, 2016 at 1:01 PM Yawning Angel <yawning@schwanenlied.me> wrote:
On Tue, 17 May 2016 17:49:46 +0000 (UTC)
lukep <lukep@tutanota.com> wrote:
> > [snip]
> > > In other words, I'd expect our future trust in Ring-LWE and SIDH
> > > to evolve in different ways.  And counting papers will not be
> > > informative.
> >
> > Yeah probably.  I can envision having no choice but to use SIDH
> > sometime in the future (or vice versa).  It's an evolving field,
> > and my current mindset is "pick one or two that probably won't kill
> > the network (CPU/network/whatever)", integrate it in a way that is
> > easy to switch at a later point, and deploy it.
>
> The important thing now is surely to get the protocol right so that
> we can slot algorithms in or out (then pick one or two that we
> actually want to integrate)

The relevant proposals here would be:

https://gitweb.torproject.org/torspec.git/tree/proposals/264-subprotocol-versions.txt
https://gitweb.torproject.org/torspec.git/tree/proposals/249-large-create-cells.txt

With emphasis on the 264, since that's probably how link handshake
crypto support will be signified.

Regards,

--
Yawning Angel
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev