[tor-dev] [proposal] RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope

isis agora lovecruft isis at torproject.org
Sun May 22 13:44:45 UTC 2016

isis transcribed 35K bytes:
> Hello,
> Peter (in CC) and I have recently composed a draft proposal for a new Tor
> handshake.  It's a hybrid handshake combining Tor's current X25519-based NTor
> handshake with the NewHope lattice-based key exchange, in order to protect the
> secrecy of Tor connections today from an attacker with a quantum computer in
> the future.
> I have not given the proposal a number.  It is available in my
> `drafts/newhope` branch of my torspec repository:
> https://gitweb.torproject.org/user/isis/torspec.git/tree/proposals/XXX-newhope-hybrid-handshake.txt?h=draft/newhope

Boring SSL now includes a similar hybrid handshake under the name CECPQ1, [0]
which is a really horribly crappy name.  No offense to the Boring developers,
but we're not that boring.

We're calling our handshake RebelAlliance, since it's an alliance between
X25519 and NewHope.  The proposal has been updated to reflect this.

[0]: https://boringssl-review.googlesource.com/#/c/7962/

 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160522/515e6e8a/attachment.sig>

More information about the tor-dev mailing list