[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

Jeff Burdges burdges at gnunet.org
Thu May 12 09:58:56 UTC 2016

On Thu, 2016-05-12 at 05:29 +0000, Yawning Angel wrote:
> and move the handshake
> identifier into the encrypted envelope) so that only the recipient
> can see which algorithm we're using as well (So: Bad guys must have
> a quantum computer and calculate `z` to figure out which post quantum
> algorithm we are using).

This sounds like a win.

We still do not know if/when quantum computers will become practical.
It was only just last year that 15 was finally factored "without
cheating": http://www.scottaaronson.com/blog/?p=2673

We do know that advancements against public key crypto systems will
occur, so wrapping up the more unknown system more tightly sounds wise.

In the shorter term, SIDH would take only one extra cell, maybe none if
tweaked downward, as compared to the four of New Hope, and whatever NTRU
needs.  This variation might be good or bad for anonymity, but it
sounds better if fewer nodes can compare the numbers of packets with the
algorithms used.

