[curves] SIDH

lvh _ at lvh.io
Fri Apr 29 13:22:14 PDT 2016


Hi,


This does look like a great set of developments and I don’t mean to diminish the paper in any way, but I think we’re still an incredible amount of research away from having this be something you can realistically use in production environments (granted, you don’t have to care much until you actually care about PQ crypto). In particular, the inability to verify that your DH mixed inputs aren’t malicious is a serious problem. That’s not a complaint about SIDH specifically; another recent IACR paper suggests that this is a decent description of the overall state of PQ [1].

[1]: https://eprint.iacr.org/2016/415


lvh

> On Apr 29, 2016, at 1:20 PM, Trevor Perrin <trevp at trevp.net> wrote:
> 
> This looks interesting:
> 
> https://eprint.iacr.org/2016/413.pdf
> https://research.microsoft.com/en-us/projects/sidh/
> 
> 
> As I understand it, it's an elliptic curve approach to post-quantum security.
> 
> Some advertised benefits:
> 
> - Gives a DH function and apparently allows reuse of DH keypairs
> (e.g. ephemeral-static DH, static-static DH), so allows protocols
> similar to current ECDH (though the public-key validation to make this
> safe roughly doubles the cost of the DH).
> 
> - There's a hybrid mode where a more traditional ECDH is integrated
> (though I'm not sure whether this is significantly better than just
> performing a 25519 or something alongside the SIDH, and hashing the
> results).
> 
> Reasonable-sized keys (< 1KB).  Performance seems a couple orders of
> magnitude above a well-optimized 25519, but that's not horrible for
> some cases.  And perhaps there's room for more optimization?
> 
> 
> Trevor
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
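The hybrid mode Trevor mentions ("performing a 25519 or something alongside the SIDH, and hashing the results") and lvh's point about unverifiable DH inputs, as an added worked example that is not part of this thread, the SIDH paper or the Microsoft code. X25519 is implemented from RFC 7748 in plain Python so the block runs offline (it is not constant-time; use a real library in production). No isogeny arithmetic is implemented: the SIDH shared secret is a constructed stand-in byte string, and the KDF labels, the transcript layout and the function names are this example's own choices, not anything the paper specifies. The contributory check on the X25519 side is the kind of input validation lvh is talking about; for X25519 it is cheap (reject an all-zero output), which is exactly what is not yet available for the SIDH side.

```python
# Added example: hybrid X25519 + (stand-in) SIDH key agreement with a
# contributory check on the X25519 input. Not code from the thread or
# the SIDH paper; the SIDH shared secret below is a constructed placeholder.
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4 for curve25519 (RFC 7748)
BASEPOINT = (9).to_bytes(32, "little")


def _cswap(swap, a, b):
    # Conditional swap; constant-time in the RFC, plain Python here.
    return (b, a) if swap else (a, b)


def x25519(scalar, u_bytes):
    """RFC 7748 X25519: 32-byte scalar and 32-byte u-coordinate -> 32 bytes."""
    k = bytearray(scalar)
    k[0] &= 248          # clamp: clear low 3 bits ...
    k[31] &= 127         # ... clear top bit ...
    k[31] |= 64          # ... set bit 254
    k = int.from_bytes(k, "little")
    u = bytearray(u_bytes)
    u[31] &= 127         # ignore the unused top bit of the u-coordinate
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):       # Montgomery ladder over 255 bits
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def x25519_keypair(priv=None):
    priv = priv or os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def x25519_shared(priv, peer_pub):
    """Shared secret with the RFC 7748 contributory check: a peer that sends
    a small-order point (e.g. u = 0) forces an all-zero output, which is
    rejected here instead of being fed into the KDF."""
    ss = x25519(priv, peer_pub)
    if ss == bytes(32):
        raise ValueError("non-contributory X25519 input (small-order point)")
    return ss


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ec_ss, pq_ss, transcript):
    """Hash both shared secrets together with the public transcript.
    The result stays secret as long as either primitive holds: breaking
    one of them still leaves the other KDF input unknown to the attacker."""
    salt = hashlib.sha256(transcript).digest()
    return hkdf_sha256(ec_ss + pq_ss, salt, b"hybrid x25519+sidh example", 32)


def demo():
    """Both sides derive the same hybrid key from a fresh X25519 exchange."""
    a_priv, a_pub = x25519_keypair()
    b_priv, b_pub = x25519_keypair()
    # Constructed stand-in for the SIDH shared secret both sides would hold.
    sidh_ss = hashlib.sha256(b"constructed stand-in, not real SIDH output").digest()
    transcript = a_pub + b_pub          # hypothetical transcript layout
    k_a = hybrid_key(x25519_shared(a_priv, b_pub), sidh_ss, transcript)
    k_b = hybrid_key(x25519_shared(b_priv, a_pub), sidh_ss, transcript)
    return k_a == k_b
```

Binding the public keys into the KDF (via the transcript salt) is what makes a hybrid meaningfully stronger than just concatenating two secrets: a peer cannot replay one half of the exchange under a different identity without changing the derived key.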
