On Wed, 2015-08-05 at 08:21 -0700, Adam Langley wrote:
> On Wed, Aug 5, 2015 at 7:35 AM, Jeff Burdges <[email protected]> wrote:
> > As I understand it, there are no mature post-quantum Diffie-Hellman
> > alternatives
>
> Is that true? Can't one easily build it from lattices? I know lots of
> people are working on adding bits of structure to lattices to try and
> shrink and speed them up but, if you're willing to suffer large (10s
> of KBs) public values, then completely random lattices are reasonably
> mature, I think.

Interesting. I know far less than you about them, but reactions were rather meh on curves, probably everyone assumed speed mattered. :)

In principle, there is nothing wrong with huge PQ key sizes, maybe even exceeding message size, as you only need the PQ to work once against a PHQ adversary, after that Axolotl has you covered.

> (PLEASE CONSULT WITH YOUR DJB, OR OTHER QUALIFIED CRYPTOGRAPHIC
> PROFESSIONAL BEFORE USING ANY PRIMITIVE DISCUSSED WITHIN THIS EMAIL.)

:)

Thanks,
Jeff
