[tor-dev] Quantum-safe Hybrid handshake for Tor

Jeff Burdges burdges at gnunet.org
Fri Apr 29 18:54:18 UTC 2016

On Sun, 2016-04-03 at 15:36 +0000, Yawning Angel wrote:
> http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf
> Is "optimized" in that, it is C with performance critical parts in
> assembly (Table 3 is presumably the source of the ~200 ms figure from
> the wikipedia article).  As i said, i just took the performance figures
> at face value.
> I'm sure it'll go faster with time, but like you, I'm probably not going
> to trust SIDH for a decade or so.

There is a new SIDH library from MS Research : 

On Tue, 2016-04-26 at 15:05 +0000, isis wrote:
> It's not my paper, so I probably shouldn't give too much away, but…
> Essentially, there are two different optimisations being discussed: one which
> allows faster signature times via batching, which can optionally also be used
> to decrease the size of the signatures (although assuming you're sending
> several signatures in succession to the same party).  That optimisation is
> maybe useful for something like PQ Bitcoin; probably not so much for Tor.

It's maybe worth keeping this sort of tool in mind for tools like co-signing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160429/1d294477/attachment-0001.sig>

More information about the tor-dev mailing list