[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope
burdges at gnunet.org
Sun May 8 20:55:12 UTC 2016
On Sun, 2016-05-08 at 13:15 +0000, isis wrote:
> Also, deriving `a` "somehow" from the shared X25519 secret is a bit
> (c.f. the §3 "Backdoors" part of the NewHope paper,
Oh wow. That one is nasty.
> or Yawning's PoC of a
> backdoored NewHope handshake).
I see. The point is that being ambiguous about the security
requirements of the seed for `a` lets you sneak in a bad usage of it.
In some cases, I suppose both sides contributing to a might help them
know the other side is not backdoored, but that's not so relevant for
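As an added example (not code from this thread, nor from Tor or the NewHope authors), one transparent way to derive `a`: both sides contribute a public nonce, the seed is a hash of both, and SHAKE-128 expands it into the polynomial by rejection sampling, so any third party can recompute and verify `a` from transcript values alone. The parser below is a simplified stand-in, not NewHope's exact gen_a.

```python
import hashlib

# NewHope parameters from the paper. The parser (16-bit little-endian
# samples, reject >= Q) is an assumption of this example and simplified
# relative to NewHope's actual gen_a.
N = 1024
Q = 12289


def expand_a(seed: bytes) -> list:
    """Expand a 32-byte public seed into the public polynomial a (N coeffs mod Q)."""
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes")
    coeffs = []
    out_len = 12 * N  # expected ~18.75% acceptance; grown below if exhausted
    buf = hashlib.shake_128(seed).digest(out_len)
    pos = 0
    while len(coeffs) < N:
        if pos + 2 > len(buf):
            out_len *= 2
            buf = hashlib.shake_128(seed).digest(out_len)  # same prefix, longer
        v = int.from_bytes(buf[pos:pos + 2], "little")
        pos += 2
        if v < Q:
            coeffs.append(v)
    return coeffs


def combined_seed(client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Neither party alone picks the seed; both nonces are sent in the clear."""
    return hashlib.sha256(b"newhope-a-seed" + client_nonce + server_nonce).digest()


def derive_a(client_nonce: bytes, server_nonce: bytes) -> list:
    """Both endpoints (and any auditor) compute the same a from public values."""
    return expand_a(combined_seed(client_nonce, server_nonce))


def verify_a(a: list, client_nonce: bytes, server_nonce: bytes) -> bool:
    """Auditor check: does the a used on the wire match the public transcript?"""
    return a == derive_a(client_nonce, server_nonce)
```

Because the seed binds to both nonces, a party that swaps in an `a` with a planted structure fails `verify_a` against the transcript.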