[tor-dev] [prop269] [prop270] Ideas from Tor Meeting Discussion on Post-Quantum Crypto

Sat Apr 1 02:20:47 UTC 2017

Hey hey,

In summary of the breakaway group we had last Saturday on post-quantum
cryptography in Tor, there were a few potentially good ideas I wrote down,
just in case they didn't make it into the meeting notes:

 * A client should be able to configure "I require my entire circuit to have
   PQ handshakes" and "I require at least one handshake in my circuits to be
   PQ".  (Previously, we had only considered having consensus parameters, in
   order to turn the feature on e.g. once 20% of relays supported the new
   handshake method.)

 * Using stateful hash-based signatures to sign descriptors and/or consensus
   documents, and (later) if state has been lost or compromised, then request
   the last such document submitted to regain state (probably skipping over
   all the leaves of the last used node in the tree, or the equivalent, to be
   safe).  (This requires more concrete design analysis, including the effects
   of the large size of hash-based signatures on the directory bandwidth
   usage, probably in a proposal or longer write up, should someone awesome
   decides to research this idea further. :)

Thanks to everyone involved in the breakaway group, and I apologise, but I
don't actually remember all the attendants off the top of my head.  If either
of these were your idea, please message me off-list and I'll ensure you're
credited in the eventual proposal(s)/documentation.

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170401/8aafd094/attachment.sig>