Hi,
This does look like a great set of developments and I don’t mean to diminish the paper in any way, but I think we’re still an incredible amount of research away from having this be something you can realistically use in production environments (granted, you don’t have to care much until you actually care about PQ crypto). In particular, the inability to verify that your DH mixed inputs aren’t malicious is a serious problem. That’s not a complaint about SIDH specifically; another recent IACR paper suggests that this is a decent description of the overall state of PQ [1].

[1]: https://eprint.iacr.org/2016/415

lvh

> On Apr 29, 2016, at 1:20 PM, Trevor Perrin <[email protected]> wrote:
>
> This looks interesting:
>
> https://eprint.iacr.org/2016/413.pdf
> https://research.microsoft.com/en-us/projects/sidh/
>
>
> As I understand it, it's an elliptic curve approach to post-quantum security.
>
> Some advertised benefits:
>
> - Gives a DH function and apparently allows reuse of DH keypairs
> (e.g. ephemeral-static DH, static-static DH), so allows protocols
> similar to current ECDH (though the public-key validation to make this
> safe roughly doubles the cost of the DH).
>
> - There's a hybrid mode where a more traditional ECDH is integrated
> (though I'm not sure whether this is significantly better than just
> performing a 25519 or something alongside the SIDH, and hashing the
> results).
>
> Reasonable-sized keys (< 1KB). Performance seems a couple orders of
> magnitude above a well-optimized 25519, but that's not horrible for
> some cases. And perhaps there's room for more optimization?
>
>
> Trevor
> _______________________________________________
> Curves mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/curves
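Trevor's second option above (run a 25519 exchange alongside the SIDH exchange and hash the two results together), written out as an added example that is not part of this thread, of the SIDH paper or of the Microsoft SIDH library. The X25519 side is a pure-Python RFC 7748 ladder so the block runs offline; the SIDH shared secret is modelled as an opaque byte string passed in by the caller, because no SIDH implementation is included here, and the names `hybrid_key`, `demo_exchange` and the info label are this example's own. The all-zero output check on the X25519 side is the classical analogue of the public-key validation both messages mention; the SIDH-side validation the paper describes is not modelled.

```python
import hashlib
import hmac
import secrets

# --- X25519 per RFC 7748, pure Python for illustration only.
# Not constant time: the swap branches on secret bits, so this is
# demo code, not something to ship.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Return k*u on Curve25519 as 32 little-endian bytes (Montgomery ladder)."""
    scalar = _clamp(k)
    x1 = (int.from_bytes(u, "little") & ((1 << 255) - 1)) % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (scalar >> t) & 1
        swap ^= bit
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def x25519_checked(k: bytes, peer_u: bytes) -> bytes:
    """DH plus the output check: a low-order peer point yields all zeros."""
    ss = x25519(k, peer_u)
    if hmac.compare_digest(ss, bytes(32)):
        raise ValueError("peer public key is a low-order point")
    return ss


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256; extract then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def hybrid_key(ss_ecdh: bytes, ss_sidh: bytes, transcript: bytes) -> bytes:
    """Fold both shared secrets into one key, bound to the exchanged public keys.

    An attacker who breaks only one of the two exchanges still lacks the IKM.
    The info label is this example's own choice, not a standard one.
    """
    return hkdf_sha256(ss_ecdh + ss_sidh, salt=b"", info=b"sidh-x25519-hybrid|" + transcript)


def demo_exchange(ss_sidh: bytes):
    """Both sides run X25519, then fold in the (modelled) SIDH secret.

    ss_sidh stands in for the secret both sides would get from the SIDH
    step; here the caller supplies constructed bytes.
    """
    a_priv, b_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    a_pub, b_pub = x25519(a_priv, BASEPOINT), x25519(b_priv, BASEPOINT)
    transcript = a_pub + b_pub  # a real protocol would bind the SIDH public keys too
    k_a = hybrid_key(x25519_checked(a_priv, b_pub), ss_sidh, transcript)
    k_b = hybrid_key(x25519_checked(b_priv, a_pub), ss_sidh, transcript)
    return k_a, k_b


if __name__ == "__main__":
    # Constructed stand-in for the SIDH shared secret, for the demo only.
    k_a, k_b = demo_exchange(secrets.token_bytes(32))
    print("hybrid keys agree:", k_a == k_b)
```

Hashing the concatenated secrets under a KDF that also takes the transcript is what makes the two exchanges independent: the classical secret alone, or the SIDH secret alone, never appears as a key. The zero-output check is the cheap part of validation; the expensive SIDH-side validation Trevor prices at roughly twice the DH cost is what this example does not model.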
