On Thu, 23 Feb 2017 00:01:29 +0000 isis agora lovecruft isis@torproject.org wrote:
The bad news is that, work on it is on going, and it does not make a good GSOC project because, the bulk of the implementation work will likely happen before the summer.
It will?
Probably? If people take what I say out of context, or as a promise of anything, they may end up disappointed, but I don't really care.
- Implement the NewHope-Simple algorithm[1] because we'll not be
able to use the Vanilla NewHope as it is protected by some patents. I wasn't able to find any implementation of NewHope Simple. So can the Vanilla NewHope Implementation be tweaked to convert it into NewHope Simple? Or would we have to write it from ground up? I don't know about the patent laws regarding it.
I haven't talked to Peter in a while (and will ask him after I send this), but I am not aware of any patent claims against the vanilla NewHope algorithm (and the NewHope-Simple paper does not mention this at all either).
Sorry, I'm being deliberately vague about this because I don't want to feed the patent trolls or provide a weapon to anyone who wants to fight against good crypto, but the patent exists, and it affects nearly all lattice-based handshakes. NewHope simple is not affected.
I spoke with some people and got filled in. I'm not going to look at the claim, because that's something for a legal department somewhere to sort out, and not my problem.
Since the Simple variant is easier for others to implement, and sidesteps the random asshats issue, I don't think this is a big deal anyway.
Regards,