[curves] SIDH

Tony Arcieri bascule at gmail.com
Fri Apr 29 14:44:16 PDT 2016


On Fri, Apr 29, 2016 at 1:22 PM, lvh <_ at lvh.io> wrote:

> I think we’re still an incredible amount of research away from having this
> be something you can realistically use in production environments (granted;
> you don’t have to care much until you actually care about PQ crypto). In
> particular, the inability to verify that your DH mixed inputs aren’t
> malicious is a serious problem.


What's nice about SIDH is it's amenable to easily running side by side with
e.g. Curve25519 (and putting both shared secrets into a KDF or something
like that). You can rely on Curve25519 for security today, and maybe just
maybe SIDH will continue to provide confidentiality in a hypothetical
post-quantum world.

-- 
Tony Arcieri
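An added illustration of the "both shared secrets into a KDF" idea above, not code from this thread or from any SIDH or Curve25519 project: X25519 is implemented from RFC 7748, the combiner is HKDF-SHA256 over the concatenated secrets with both public keys bound into the info field, and the SIDH shared secret is a constructed placeholder because SIDH itself is far beyond a short example. The combiner only gives "as strong as the stronger component"; it does nothing about the malicious-input validation problem lvh raised.

```python
import hashlib
import hmac
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4, the Curve25519 ladder constant

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder (reference style, not side-channel hardened)."""
    kb = bytearray(k); kb[0] &= 248; kb[31] &= 127; kb[31] |= 64  # clamp the scalar
    scalar = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)  # top bit of u is ignored
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (scalar >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def hybrid_secret(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """One KDF over both secrets: the key stays secret while either input does; the transcript binds it to this exchange."""
    return hkdf_sha256(b"hybrid-x25519-sidh-v0", ss_classical + ss_pq, transcript)

# Constructed demo inputs: RFC 7748 section 6.1 X25519 keys, plus a placeholder for the SIDH shared secret.
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
SIDH_SS_PLACEHOLDER = hashlib.sha256(b"constructed SIDH j-invariant stand-in").digest()

def run_exchange(ss_pq: bytes = SIDH_SS_PLACEHOLDER) -> tuple:
    """Return (Alice's hybrid key, Bob's hybrid key); a correct combiner yields equal values."""
    alice_pk, bob_pk = (x25519(sk, (9).to_bytes(32, "little")) for sk in (ALICE_SK, BOB_SK))
    k_alice = hybrid_secret(x25519(ALICE_SK, bob_pk), ss_pq, alice_pk + bob_pk)
    k_bob = hybrid_secret(x25519(BOB_SK, alice_pk), ss_pq, alice_pk + bob_pk)
    return k_alice, k_bob
```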