Re: [tor-dev] Post-quantum proposals #269 and #270

2016-09-08 Thread isis agora lovecruft
isis agora lovecruft transcribed 8.6K bytes: > For the repeated suggestion of SIDH, [3] I expect we'll soon see concrete > details and improvements to the attacks mentioned in (and which they establish > "direct validation" measures to defend against in §9 of) "Efficient algorithms > for supersingu

Re: [tor-dev] Post-quantum proposals #269 and #270

2016-08-08 Thread isis agora lovecruft
lu...@tutanota.com transcribed 8.8K bytes: > 5. Aug 2016 15:07 by i...@torproject.org: > > So it's not an either-or situation for proposals #269 and #270 — they are > > entirely compatible and #269 is meant to provide modularity. > > Thanks - that wasn't clear to me, although I can see that they a

Re: [tor-dev] Post-quantum proposals #269 and #270

2016-08-08 Thread lukep
5. Aug 2016 15:07 by i...@torproject.org: > lu...@tutanota.com> transcribed 3.2K bytes: >> Great to see the community making progress with post-quantum handshakes. > > Hello, > > Thanks! :) > >> But I'm wondering what's going to happen with Proposals #269 and #270. #269 >> seems to allow any po

Re: [tor-dev] Post-quantum proposals #269 and #270

2016-08-05 Thread isis agora lovecruft
lu...@tutanota.com transcribed 3.2K bytes: > Great to see the community making progress with post-quantum handshakes. Hello, Thanks! :) > But I'm wondering what's going to happen with Proposals #269 and #270. #269 > seems to allow any post-quantum algorithm to be used in the hybrid with > NTRUEn

Re: [tor-dev] Post-quantum proposals #269 and #270

2016-08-05 Thread Henry de Valence
On Thu, Aug 04, 2016 at 08:32:43PM +0100, lu...@tutanota.com wrote: > Great to see the community making progress with post-quantum handshakes. But > I'm wondering what's going to happen with Proposals #269 and #270. If you consult the current proposal-status.txt in the torspec repository [0], yo

Re: [tor-dev] Post-quantum proposals #269 and #270

2016-08-05 Thread Jeff Burdges
I suspect the two known families you "do not want to rule out" are SIDH schemes and LWE schemes with no ring structure, like Frodo. At present SIDH is too slow and LWE keys are too big, but both could improve dramatically over the next several years. Jeff signature.asc Description: This is

[tor-dev] Post-quantum proposals #269 and #270

2016-08-04 Thread lukep
Great to see the community making progress with post-quantum handshakes. But I'm wondering what's going to happen with Proposals #269 and #270. #269 seems to allow any post-quantum algorithm to be used in the hybrid with NTRUEncrypt and NewHope being specified as two options (presumably other op