trevp at trevp.net
Fri Apr 29 11:20:09 PDT 2016
This looks interesting:
As I understand it, it's an elliptic curve approach to post-quantum security.
Some advertised benefits:
- Gives a DH function and apparently allows reuse of DH keypairs
(e.g. ephemeral-static DH, static-static DH), so allows protocols
similar to current ECDH (though the public-key validation to make this
safe roughly doubles the cost of the DH).
- There's a hybrid mode where a more traditional ECDH is integrated
(though I'm not sure whether this is significantly better than just
performing a 25519 or something alongside the SIDH, and hashing the
Reasonable-sized keys (< 1KB). Performance seems a couple orders of
magnitude above a well-optimized 25519, but that's not horrible for
some cases. And perhaps there's room for more optimization?
More information about the Curves