Niels Möller writes:
> And int32_divmod_uint14 looked unused.
My mistake, it's not unused. It is used (via int32_mod_uint14) by
F3_freeze and Fq_freeze, which appear to use signed representation, |x|
<= 1 and |x| <= (q-1)/2 respectively.
> For sorting, it may need a minor reorg to get rid of
Simon Josefsson writes:
> No objection, but I find it challenging to come up with a revised patch
> that I feel comfortable with in the near future. I'm not sure I even
> understood what unused functions you noticed (and how?); that fix would
> be easy to do. Gaining confidence in rewritten
Niels Möller writes:
> Simon Josefsson writes:
>
>>> In general, it makes sense to add support for post-quantum key exchange
>>> methods, another candidate seems to be https://classic.mceliece.org/
>>> (with the drawback of much larger pubkeys).
>>
>> +1
>
> I've been asking some other people
Simon Josefsson writes:
>> In general, it makes sense to add support for post-quantum key exchange
>> methods, another candidate seems to be https://classic.mceliece.org/
>> (with the drawback of much larger pubkeys).
>
> +1
I've been asking some other people too. sntrup seems to be a good
Thanks for reviewing this!
Niels Möller writes:
> Simon Josefsson writes:
>
>> This adds sntrup761, what do you think?
>
> What's the context/use case? I saw some mails on the ietf-ssh list, but
> it was a bit unclear to me what the status of this algorithm is.
Sntrup761 is used by default in