[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope
Peter Schwabe
peter at cryptojedi.org
Sun May 8 15:21:20 UTC 2016
isis <isis at torproject.org> wrote:
Hi all,
> Nope, it would still not work to fix the timing attack. Although, luckily, we
> already wrote some constant time code for my sorting-network idea, and then,
> with some coffee, Peter made it faster. (Give us something stronger to drink,
> and we'll probably come up with a way to get it even faster.)
Still on coffee and with a size-84 Batcher sort and Yawning's 5q trick I
now have an AVX2 implementation of NewHope that is faster than the
original and does sampling of the polynomial a in constant time. Now I'm
up for some stronger drinks...
Cheers,
Peter
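As an added illustration of the "sorting-network idea" mentioned above (example code, not Peter's AVX2 implementation and not anything from the NewHope or Tor code bases): a sorting network performs a fixed sequence of compare-exchange steps that depends only on the array length, never on the values, so when each compare-exchange is branchless the whole sort runs in constant time. The block below implements Batcher's merge-exchange network (Knuth, TAOCP vol. 3, Algorithm M), which works for any length, including the size 84 from the message, not just powers of two. Yawning's 5q trick and the way the sorted output feeds the sampling of the polynomial a are not described in this message, so they are not reproduced here; the function names, the LCG-generated sample input, and the reduction into [0, 12289) (NewHope's modulus q) are this example's own choices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Branchless compare-exchange: afterwards *lo <= *hi. There is no
 * data-dependent branch or memory index; the compiler's output should still
 * be inspected, because optimisers can turn masks back into branches. */
static void ct_cmpxchg(uint32_t *lo, uint32_t *hi)
{
    uint32_t x = *lo, y = *hi;
    /* The top bit of the 64-bit difference y - x is set exactly when x > y. */
    uint64_t diff = (uint64_t)y - (uint64_t)x;
    uint32_t mask = (uint32_t)0 - (uint32_t)(diff >> 63); /* all ones iff x > y */
    uint32_t t = (x ^ y) & mask;
    *lo = x ^ t;
    *hi = y ^ t;
}

/* Batcher merge-exchange sorting network (Knuth, Algorithm M). The sequence
 * of compare-exchanges is a function of n alone, which is what makes it
 * usable in constant-time code. Valid for any n, not only powers of two. */
void ct_batcher_sort(uint32_t *a, size_t n)
{
    if (n < 2) return;
    size_t t = 0;
    while (((size_t)1 << t) < n) t++;              /* t = ceil(log2 n) */
    for (size_t p = (size_t)1 << (t - 1); p > 0; p >>= 1) {
        size_t q = (size_t)1 << (t - 1), r = 0, d = p;
        for (;;) {
            /* index test only: which pairs to compare never depends on data */
            for (size_t i = 0; i + d < n; i++)
                if ((i & p) == r)
                    ct_cmpxchg(&a[i], &a[i + d]);
            if (q == p) break;
            d = q - p;
            q >>= 1;
            r = p;
        }
    }
}

/* Constructed sample: 84 values from a small LCG, reduced mod 12289 (the
 * NewHope modulus q). Returns 1 if the output is sorted and has the same
 * multiset sum as the input, 0 otherwise. */
int demo_sort_84(void)
{
    enum { N = 84 };
    uint32_t a[N];
    uint32_t s = 12345u;
    uint64_t sum_before = 0, sum_after = 0;
    for (size_t i = 0; i < N; i++) {
        s = s * 1664525u + 1013904223u;            /* LCG, constructed input */
        a[i] = s % 12289u;
        sum_before += a[i];
    }
    ct_batcher_sort(a, N);
    for (size_t i = 0; i < N; i++) {
        sum_after += a[i];
        if (i > 0 && a[i - 1] > a[i]) return 0;
    }
    return sum_before == sum_after;
}

/* Edge case: duplicates and the full uint32 range (0 and UINT32_MAX), where a
 * naive 32-bit subtraction in the compare would overflow. Returns 1 on success. */
int demo_sort_extremes(void)
{
    uint32_t v[5] = { 5u, 4294967295u, 0u, 3u, 3u };
    ct_batcher_sort(v, 5);
    return v[0] == 0u && v[1] == 3u && v[2] == 3u &&
           v[3] == 5u && v[4] == 4294967295u;
}

int main(void)
{
    printf("84-element sort ok: %d\n", demo_sort_84());
    printf("extremes sort ok:   %d\n", demo_sort_extremes());
    return 0;
}
```

The comparator count of Algorithm M grows as O(n log^2 n), so for 84 elements it is a few hundred branchless steps; the point is not speed but that an attacker observing timing or cache behaviour learns only n, which is public.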