[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

Jeff Burdges burdges at gnunet.org
Sun May 8 00:00:51 UTC 2016

On Sat, 2016-05-07 at 22:01 +0000, Yawning Angel wrote:
> how an adversary will be limited to just this information, and not
> things that enable a strong attack on it's own like packet timing
> escapes me

Yes, it's clear that an adversary who can get CPU timing can get packet

It's not clear if some adversary might prefer information about the seed
to simplify their larger infrastructure, like say by not needing to
worry about clock skew on their exit nodes, or even choosing to
compromise exit nodes soon after the fact. 

> Hmm?  The timing information that's available to a local attacker
> would be the total time taken for `a` generation.

Really?  I know nothing about the limits of timing attacks.  I just
naively imagined they learn from the timing of CPU work vs memory writes
or something. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160508/25f5236d/attachment.sig>

More information about the tor-dev mailing list