[tor-dev] Quantum-safe Hybrid handshake for Tor

[Ryan Carboni]

>
> We had a GSOC project to produce "consensus diffs", so that clients could download the differences between each consensus each hour, rather than downloading a full consensus (~1.5MB).
>
> It showed some great results, but still needs a little work before we merge it.https://trac.torproject.org/projects/tor/ticket/13339 <https://trac.torproject.org/projects/tor/ticket/13339>
>
>
Still, one doesn't need to download the full consensus.
3/16ths of the consensus could work and would be more beneficial for low
bandwidth clients.

If Tor became popular, it wouldn't be usable. Right now it consumes the
bandwidth of several colleges. If Tor got anywhere near consuming the
bandwidth and popularity of a major datacenter (such as the five million
user botnet spike of 2013), Tor wouldn't work too well.

Facebook has hundreds of millions of active users. A few billion people
live under a dictatorship.

How well would Tor work if it's infrastructure and usage was scaled up a
hundred times? It's not an immediate issue, but if one was to add quantum
cryptography, this would be one of the issues that needs to be addressed
(as it is one of many long-term issues).

nb: Migrating to X448 would possibly hold up longer than Curve25519
> would since it requires a bigger quantum computer.  But performance
> isn't that great without using vectorization.
>
>
Given the slow time it takes to roll things out, a timeline which begins
with trusted directory keys include post-quantum crypto first, and which
ends in enabling clients to use post-quantum crypto would be best.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160103/9e491888/attachment.html>