Hi all,
> 3. The only implementation that mitigates decryption failures completely,
killing information leaks to adversaries.
This is clearly a nice-to-have feature, but it comes with a tradeoff. To
remove decryption failures you need to increase the parameter q, but this
affects size (and so per
> I'd imagine everyone in this thread knows this, but New Hope requires
> that "both parties use fresh secrets for each instantiation".
NTRUEncrypt, which has also been proposed for this, can be used with
ephemeral or long-lived keys safely.
Cheers,
William
__
On Thu, Mar 3, 2016 at 3:16 PM, Yawning Angel
wrote:
> On Thu, 3 Mar 2016 16:33:42 + (UTC)
> lukep wrote:
> > Hi,
> > I'm trying to understand the hybrid protocol that's described here.
> > The server generates the parallel secret PAR_SEC or P and then
> > computes C = ENCRYPT( P | B | Y, Q
I can make that time, though I may be a bit late because of school drop-off.
William
On Wed, Feb 3, 2016 at 9:01 AM, isis wrote:
> isis transcribed 2.7K bytes:
> > Nick Mathewson transcribed 1.3K bytes:
> > > First, the next meeting is scheduled on #tor-dev this Thursday, at
> > > 9:00 am EST (
