[tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

Yawning Angel yawning at schwanenlied.me
Thu May 19 17:00:28 UTC 2016

On Tue, 17 May 2016 17:49:46 +0000 (UTC)
lukep <lukep at tutanota.com> wrote: 
> > [snip]  
> > > In other words, I'd expect our future trust in Ring-LWE and SIDH
> > > to evolve in different ways.  And counting papers will not be
> > > informative.   
> > 
> > Yeah probably.  I can envision having no choice but to use SIDH
> > sometime in the future (or vice versa).  It's an evolving field,
> > and my current mindset is "pick one or two that probably won't kill
> > the network (CPU/network/whatever)", integrate it in a way that is
> > easy to switch at a later point, and deploy it.  
> The important thing now is surely to get the protocol right so that
> we can slot algorithms in or out (then pick one or two that we
> actually want to integrate)

The relevant proposals here would be:


With emphasis on the 264, since that's probably how link handshake
crypto support will be signified.


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160519/19668b3c/attachment.sig>

More information about the tor-dev mailing list