[tor-talk] new paper on Tor and cryptography

Nick Mathewson nickm at freehaven.net
Sat Jan 10 20:18:25 UTC 2015


On Sat, Jan 10, 2015 at 9:28 AM, l.m <ter.one.leeboi at hush.com> wrote:
> Nick Mathewson wrote:
>>  Personally, if I were doing something like this, I'd aim closer to
>>  Yawning's "Basket" protocol, which uses an established PQ construction
>>  (ntru in Basket's case) rather than trying to invent a novel one.
>
> While you're asking  --
> Isn't that like saying who needs SHA-3 because SHA-2 hasn't been proven
> broken? Why not just use MD-construct? It uses the same argument, yes,
> no?

I'd say that it's more like saying "Why should a proposal for a Tor
handshake also include a new elliptic curve? Or a new hash
function?"

> Has the future of PQ computing become so well established?

I wouldn't say so, but I would say that the problem of "let's design a
new PQ primitive" is independent from "let's design a PQ handshake for
an anonymity network."  Ideally, the first one is something you'd get
done in a way so as to be generally useful, and you could specify the
second in terms of the first.

-- 
Nick

