Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

2016-05-26 Thread Zhenfei Zhang
ersion will be ready in a couple of days. The data are based on ntru-443 with CCA-2. By moving to CPA, we may be able to save say 30% of computation. The ntru-743 is roughly 2.5x slower than ntru-443. Cheers, Zhenfei On Thu, May 26, 2016 at 1:35 AM, Peter Schwabe wrote: > Zhenfei Zhang wr

Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

2016-05-25 Thread Zhenfei Zhang
Hi Peter, Thanks for such a nice overview of current discussions. Just want to give a quick update on the NTRU. > - NTRU is around for the longest time and has, even with high-security > parameters, fairly short messages. However, existing software > implementations (at least the ones in SUP

Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

2016-05-09 Thread Zhenfei Zhang
Sorry, my bad. Please ignore my previous email. I just noticed that here A is not the public polynomial \hat{a} in the R-LWE setting, but the concatenation of a seed that generates \hat{a}, and client's side of secret \hat{b} = \hat{a} s+e Zhenfei On Mon, May 9, 2016 at 2:04 PM, Zhenfei

Re: [tor-dev] [proposal] Post-Quantum Secure Hybrid Handshake Based on NewHope

2016-05-09 Thread Zhenfei Zhang
Hi all, If I understand it properly, in the proposal the client needs to send the whole matrix A during the first initiation message. I draw this conclusion from the datagram: | a, A := NEWHOPE_KEYGEN(SEED) | | CLIENT_HDATA := ID || Z || X || A | |

[tor-dev] Proposal 263 Quantum-safe Hybrid handshake for Tor, updated feature request v1.2

2016-02-08 Thread Zhenfei Zhang
.2 Author: John SCHANCK, William WHYTE and Zhenfei ZHANG Created: 29 Aug 2015 Updated: 4 Feb 2016 Status: Open 1. Introduction Recognized handshake types are: 0x TAP -- the original Tor handshake; 0x0001 reserved 0x0002 ntor-- the ntor+curve25519+sha256 handsh

Re: [tor-dev] Next (and subsequent) proposal discussion meetings

2016-02-03 Thread Zhenfei Zhang
8:30 am EST tomorrow is good for me too. Just wondering, though, do you have a pointer to some tutorial of the IRC that we will be using? Thanks! Zhenfei On Wed, Feb 3, 2016 at 10:09 AM, William Whyte < wwh...@securityinnovation.com> wrote: > I can make that time, though I may be a bit late beca

[tor-dev] Proposal 263 Quantum-safe Hybrid handshake for Tor, updated feature request

2016-01-11 Thread Zhenfei Zhang
version. Thanks for your time, and please let us know if you have any further comments/suggestions. Cheers, Zhenfei Title: Request to change key exchange protocol for handshake v1.1 Author: John SCHANCK, William WHYTE and Zhenfei ZHANG Created: 9 Jan 2016 1. Introduction Recognized handshake

Re: [tor-dev] Quantum-safe Hybrid handshake for Tor

2016-01-04 Thread Zhenfei Zhang
threading will pay for the CPU cost > increases here, but I'll need to do some benchmarking to be certain. Thanks. I didn't know that. Cheers, Zhenfei On Mon, Jan 4, 2016 at 1:26 PM, Yawning Angel wrote: > (Note: Snipping liberally for brevity) > > On Mon, 4 Jan 2016 11:

Re: [tor-dev] tor-dev Digest, Vol 60, Issue 2

2016-01-04 Thread Zhenfei Zhang
Hi Flipchan, There are reference implementations of quantum-safe cryptographic algorithms, such as the NTRU encryption algorithm (in libntruencrypt): https://github.com/NTRUOpenSourceProject/NTRUEncrypt and the BLISS signature algorithm, http://bliss.di.ens.fr/ Those are independent software. But for wha

Re: [tor-dev] Quantum-safe Hybrid handshake for Tor

2016-01-04 Thread Zhenfei Zhang
Hi all, Thanks for all the comments. Sorry I wasn't able to reply immediately. Please allow me to summarize the comments. I see mainly the following questions. 1. Quantum-safe authentication. As Yawning has pointed out, > I personally don't think that any of the PQ signature schemes are usable >

[tor-dev] Quantum-safe Hybrid handshake for Tor

2015-12-28 Thread Zhenfei Zhang
hentication. Hence, we use ntor authentication to keep the proposal compact and simple. It will be a future work after this proposal. Thanks for your time, and happy holidays! Zhenfei Zhang Security Innovation. Title: Request to change key exchange protocol for handshake Author: John SCHANCK,