[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

Peter Schwabe peter at cryptojedi.org
Sun May 8 15:21:20 UTC 2016


isis <isis at torproject.org> wrote:

Hi all,

> Nope, it would still not work to fix the timing attack.  Although, luckily, we
> already wrote some constant time code for my sorting-network idea, and then,
> with some coffee, Peter made it faster.  (Give us something stronger to drink,
> and we'll probably come up with a way to get it even faster.)

Still on coffee and with a size-84 Batcher sort and Yawning's 5q trick I
now have an AVX2 implementation of NewHope that is faster than the
original and does sampling of the polynomial a in constant time. Now I'm
up for some stronger drinks...

Cheers,

Peter
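The constant-time sorting-network idea that isis and Peter refer to, as an added example that is not code from this thread or from the NewHope implementation: a Batcher merge-exchange network (Knuth's Algorithm M, sized to 84 entries as in the message) built on a branchless compare-exchange, used to move rejected candidates behind the accepted ones in data-independent time. Two things are my assumptions rather than the thread's: the sort-key layout (reject flag, original index, candidate value), and the reading of Yawning's "5q trick" as accepting 16-bit candidates below 5q = 61445 and reducing mod q afterwards. The candidate ramps are constructed input standing in for SHAKE output.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define N 84             /* network size from the message: a size-84 Batcher sort */
#define Q 12289          /* NewHope modulus q */
#define BOUND (5U * Q)   /* assumed reading of the "5q trick": accept candidates below 5q */

/* Branchless compare-exchange: afterwards *a <= *b. No data-dependent branch or
 * memory access, so its running time does not depend on the values compared.
 * Inputs must stay below 2^31 so the subtraction's sign bit is meaningful. */
static void cmpswap(uint32_t *a, uint32_t *b)
{
    uint32_t x = *a, y = *b;
    uint32_t mask = 0U - ((y - x) >> 31);   /* all ones exactly when y < x */
    uint32_t t = (x ^ y) & mask;
    *a = x ^ t;
    *b = y ^ t;
}

/* Batcher's merge-exchange sorting network (Knuth, TAOCP vol. 3, Algorithm M).
 * It works for any n, not only powers of two, and every comparator position is
 * a function of n alone, so the operation sequence is fixed for a given n. */
void batcher_sort(uint32_t *v, size_t n)
{
    if (n < 2) return;
    size_t t = 0;
    while (((size_t)1 << t) < n) t++;                /* t = ceil(log2 n) */
    for (size_t p = (size_t)1 << (t - 1); p > 0; p >>= 1) {
        size_t q = (size_t)1 << (t - 1), r = 0, d = p;
        for (;;) {
            for (size_t i = 0; i + d < n; i++)
                if ((i & p) == r)                  /* depends on the index only */
                    cmpswap(&v[i], &v[i + d]);
            if (q == p) break;
            d = q - p; q >>= 1; r = p;
        }
    }
}

/* Sort key (my layout): bit 30 = rejected (candidate >= 5q), bits 16..29 =
 * original index, bits 0..15 = candidate. Sorting on it moves every accepted
 * candidate ahead of every rejected one while keeping the accepted ones in
 * their original order, which rejection sampling needs to stay uniform. */
static uint32_t make_key(uint16_t cand, uint32_t idx)
{
    uint32_t rejected = (BOUND - 1U - (uint32_t)cand) >> 31;  /* 1 iff cand >= 5q */
    return (rejected << 30) | (idx << 16) | (uint32_t)cand;
}

/* Writes the accepted candidates to out[0..k-1] in original order and returns k;
 * the rejected ones follow in out[k..N-1]. The memory access pattern and the
 * operation count are identical for every input. Outputs are still in [0, 5q)
 * and must be reduced mod q by the caller before use. */
size_t compact_accepted(const uint16_t cand[N], uint16_t out[N])
{
    uint32_t key[N];
    size_t accepted = 0;
    for (size_t i = 0; i < N; i++) {
        key[i] = make_key(cand[i], (uint32_t)i);
        accepted += 1U - (key[i] >> 30);             /* counted without branching */
    }
    batcher_sort(key, N);
    for (size_t i = 0; i < N; i++)
        out[i] = (uint16_t)(key[i] & 0xFFFFU);
    return accepted;
}

/* Constructed candidate ramp standing in for 16-bit SHAKE output: i*780 for the
 * ascending ramp, (83-i)*780 for the descending one (max 64740 fits 16 bits). */
static void fill_ramp(uint16_t cand[N], int descending)
{
    for (size_t i = 0; i < N; i++)
        cand[i] = (uint16_t)((descending ? (N - 1 - i) : i) * 780U);
}

/* Number of accepted candidates for the constructed ramp. */
size_t demo_count(int descending)
{
    uint16_t cand[N], out[N];
    fill_ramp(cand, descending);
    return compact_accepted(cand, out);
}

/* Compacted output at position pos for the constructed ramp. */
uint16_t demo_at(int descending, size_t pos)
{
    uint16_t cand[N], out[N];
    fill_ramp(cand, descending);
    compact_accepted(cand, out);
    return out[pos];
}

int main(void)
{
    size_t k = demo_count(0);
    printf("ascending ramp: %zu of %d accepted, last accepted %u, first rejected %u\n",
           k, N, (unsigned)demo_at(0, k - 1), (unsigned)demo_at(0, k));
    return 0;
}
```

The point to check in a real implementation is that nothing after key construction depends on the data: the comparator schedule is fixed by n, `cmpswap` uses only arithmetic and XOR masking, and the accepted count is accumulated from the flag bits instead of being found by scanning. What this sketch does not cover is the other half of the problem, which is producing enough candidates up front so that a fixed-size network is guaranteed to yield the required number of accepted coefficients.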