On Sat, Jan 10, 2015 at 9:28 AM, l.m <ter.one.lee...@hush.com> wrote:
> Nick Mathewson wrote:
>> Personally, if I were doing something like this, I'd aim closer to
>> Yawning's "Basket" protocol, which uses an established PQ construction
>> (ntru in Basket's case) rather than trying to invent a novel one.
>
> While you're asking --
> Isn't that like saying who needs SHA-3 because SHA-2 hasn't been proven
> broken? Why not just use MD-construct? It uses the same argument, yes, no?

I'd say that it's more like saying "Why should a proposal for a Tor handshake also include a new elliptic curve? Or a new hash function?"

> Has the future of PQ computing become so well established?

I wouldn't say so, but I would say that the problem of "let's design a new PQ primitive" is independent from "let's design a PQ handshake for an anonymity network." Ideally, the first one is something you'd get done in a way so as to be generally useful, and you could specify the second in terms of the first.

--
Nick

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk