[tor-dev] Quantum-safe Hybrid handshake for Tor

Jeff Burdges burdges at gnunet.org
Wed Feb 3 17:12:02 UTC 2016


On Fri, 2016-01-01 at 11:14 +0000, Yawning Angel wrote:

> On Thu, 31 Dec 2015 20:51:43 +0000
> isis <isis at torproject.org> wrote:
> [snip]
> > I feel like there needs to be some new terminology here.  It's
> > certainly not post-quantum secure, but "quantum-safe" doesn't seem
> > right either, because it's exactly the point at which the adversary
> > gains appropriate quantum computational capabilities that it becomes
> > *unsafe*.  If I may, I suggest calling it "pre-quantum secure". :)
> 
> Post-quantum forward-secrecy is what I've been using to describe this
> property.

Isn't that using "forward security" to denote a weakening when it
usually denotes a strengthening? 

> I personally don't think that any of the PQ signature schemes are usable
> for us right now, because the smallest key size for an algorithm that
> isn't known to be broken is ~1 KiB (SPHINCS256), and we probably can't
> afford to bloat our descriptors/micro-descriptors that much.

Did you mean to talk about the 41ish kb signature here?

I dunno that you'll ever beat that 1kb key size with a post-quantum
system.  There is a lattice-based signature scheme and an isogeny-based
scheme that'll both beat SPHINCS on signature sizes, but I think not so
much on key size.

Jeff

p.s.  I'd imagine that key size might come from the public key itself
proving that it's a SPHINCS public key or doing a simple initial
signature or something.  If you didn't care during storage that the key
is really a key, or what it's good for, then a 256 bit fingerprint of a
SPHINCS public key would be as good as a SPHINCS public key itself,
right?  It's dubious that Tor, or anyone really, could use fingerprints
in such a context-free way though.  

