[tor-dev] R-LWE KEX error reconciliation improvements (was: Further New Hope Improvements)

isis agora lovecruft isis at torproject.org
Wed May 24 00:19:13 UTC 2017

bancfc at openmailbox.org transcribed 0.6K bytes:
> New paper released a week ago makes further improvements on New Hope,
> reducing decryption failure rates, ciphertext size and amount of entropy
> needed. This new version will be submitted as a NIST PQ competition
> candidate.
> https://eprint.iacr.org/2017/424


Thanks for sharing this!

Point of clarification: rather than a new version of NewHope, it's a more
efficient reconciliation method for R-LWE based KEX (and encryption schemes
too, since the newer reconciliation makes the error rate low enough).  The
only connection to NewHope is that it uses the same parameter choices for
the underlying polynomial ring.

But!  This is exciting, not only because it has smaller message sizes and
specifications for constant-time implementations (and decent reference
code!), but because it appears to me¹ that this new method is not subject to
the same patent claims as NewHope theoretically is.

¹ I am not a lawyer.  (Fortunately.)

 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170524/65b77605/attachment.sig>

More information about the tor-dev mailing list