[curves] SIDH
Trevor Perrin
trevp at trevp.net
Fri Apr 29 11:20:09 PDT 2016
This looks interesting:
https://eprint.iacr.org/2016/413.pdf
https://research.microsoft.com/en-us/projects/sidh/
As I understand it, it's an elliptic curve approach to post-quantum security.
Some advertised benefits:
- Gives a DH function and apparently allows reuse of DH keypairs
(e.g. ephemeral-static DH, static-static DH), so allows protocols
similar to current ECDH (though the public-key validation to make this
safe roughly doubles the cost of the DH).
- There's a hybrid mode where a more traditional ECDH is integrated
(though I'm not sure whether this is significantly better than just
performing a 25519 or something alongside the SIDH, and hashing the
results).
Reasonable-sized keys (< 1KB). Performance seems a couple orders of
magnitude above a well-optimized 25519, but that's not horrible for
some cases. And perhaps there's room for more optimization?
Trevor
More information about the Curves
mailing list