Thanks Yawning. > Most of the changes since the paper has been released have been minor. > The last major algorithmic change I'm aware of was 20151209 which > altered the reconciliation mechanism (I don't particularly count the > March changes that changed the on-the-wire encoding format to be > major, it's just a more compact way to send the same things).
Don't get me wrong, I like the ring-LWE algorithm, I just wanted to sound a note of caution that there's a new version with different parameters, possibly incompatible with the previous version (depending on implementation), and that it's still pretty new so could change, or someone could find a problem with the security proof. > Kind of a moot point since by the time any of this will actually be > used in core tor things would have settled. And my gut feeling is > RingLWE will have performant, well defined implementations well before > SIDH is a realistic option. How long do you think it would take for tor? Is there a version of Zhang's quantum safe hybrid protocol for newhope? > I track the paper and reference code in the implementation I maintain. > FWIW, the performance hasn't changed noticeably, unless there's > something newer than 20160328. I can now see you've got a new version in your github repository. Is this standalone or have you tried incorporating it into tor source code yet? Thanks -- lukep _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
