Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-20 Thread Niels Möller
Simon Josefsson writes:

>> * SNTRUP761_CIPHERTEXT_SIZE: Probably right, even though I'm a bit
>> confused by the "ciphertext" terminology when there's no
>> corresponding plaintext.
>
> Yeah... I think this is actually an area that could do more work, since
> the output is combined but

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-20 Thread Simon Josefsson
Niels Möller writes:

> Simon Josefsson writes:
>
>> No objection, but I find it challenging to come up with a revised patch
>> that I feel comfortable with in the near future. I'm not sure I even
>> understood what unused functions you noticed (and how?); that fix would
>> be easy to do.

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-20 Thread Simon Josefsson
Niels Möller writes:

>>> My take was that it would be nice to add sntrup761 to Nettle ASAP to
>>> stabilize API and establish support for the algorithm -- we can optimize
>>> or improve the implementation later on (there are many optimized
>>> implementations around for different architectures

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-19 Thread Niels Möller
Niels Möller writes:

> And int32_divmod_uint14 looked unused.

My mistake, it's not unused. It is used (via int32_mod_uint14) by F3_freeze and Fq_freeze, which appear to use signed representation, |x| <= 1 and |x| <= (q-1)/2 respectively.

> For sorting, it may need a minor reorg to get rid of

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-19 Thread Niels Möller
Simon Josefsson writes:

> No objection, but I find it challenging to come up with a revised patch
> that I feel comfortable with in the near future. I'm not sure I even
> understood what unused functions you noticed (and how?); that fix would
> be easy to do.

Gaining confidence in rewritten

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-19 Thread Simon Josefsson
Niels Möller writes:

> Simon Josefsson writes:
>
>>> In general, it makes sense to add support for post-quantum key exchange
>>> methods, another candidate seems to be https://classic.mceliece.org/
>>> (with the drawback of much larger pubkeys).
>>
>> +1
>
> I've been asking some other people

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-19 Thread Niels Möller
Simon Josefsson writes:

>> In general, it makes sense to add support for post-quantum key exchange
>> methods, another candidate seems to be https://classic.mceliece.org/
>> (with the drawback of much larger pubkeys).
>
> +1

I've been asking some other people too. sntrup seems to be a good

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-19 Thread Simon Josefsson
Thanks for reviewing this!

Niels Möller writes:

> Simon Josefsson writes:
>
>> This adds sntrup761, what do you think?
>
> What's the context/usecase? I saw some mails on the ietf-ssh list, but
> it was a bit unclear to me what the status of this algorithm is.

Sntrup761 is used by default in

Re: [PATCH] Add Streamlined NTRU Prime sntrup761.

2023-06-18 Thread Niels Möller
Simon Josefsson writes:

> This adds sntrup761, what do you think?

What's the context/usecase? I saw some mails on the ietf-ssh list, but it was a bit unclear to me what the status of this algorithm is. In general, it makes sense to add support for post-quantum key exchange methods, another

[PATCH] Add Streamlined NTRU Prime sntrup761.

2023-05-11 Thread Simon Josefsson
From: Simon Josefsson
Date: Thu, 11 May 2023 13:50:55 +0200
Subject: [PATCH] Add Streamlined NTRU Prime sntrup761.
---
 Makefile.in    |    4 +-
 nettle.texinfo |   49 ++
 sntrup761.c    | 1080
 sntrup761.h