_ at lvh.io
Fri Apr 29 13:22:14 PDT 2016
This does look like a great set of developments and I don’t mean to diminish the paper in any way, but I think we’re still an incredible amount of research away from having this be something you can realistically use in production environments (granted; you don’t have to care much until you actually care about PQ crypto). In particular, the inability to verify that your DH mixed inputs aren’t malicious is a serious problem. That’s not a complaint about SIDH specifically; another recent IACR paper suggests that this is a decent description of the overall state of PQ.
> On Apr 29, 2016, at 1:20 PM, Trevor Perrin <trevp at trevp.net> wrote:
> This looks interesting:
> As I understand it, it's an elliptic curve approach to post-quantum security.
> Some advertised benefits:
> - Gives a DH function and apparently allows reuse of DH keypairs
> (e.g. ephemeral-static DH, static-static DH), so allows protocols
> similar to current ECDH (though the public-key validation to make this
> safe roughly doubles the cost of the DH).
> - There's a hybrid mode where a more traditional ECDH is integrated
> (though I'm not sure whether this is significantly better than just
> performing a 25519 or something alongside the SIDH, and hashing the
> - Reasonable-sized keys (< 1KB). Performance seems a couple orders of
> magnitude above a well-optimized 25519, but that's not horrible for
> some cases. And perhaps there's room for more optimization?