[messaging] Post-quantum forward-secrecy

Jeff Burdges burdges at gnunet.org
Wed Aug 5 08:56:37 PDT 2015


On Wed, 2015-08-05 at 08:21 -0700, Adam Langley wrote:
> On Wed, Aug 5, 2015 at 7:35 AM, Jeff Burdges <burdges at gnunet.org> wrote:
> > As I understand it, there are no mature post-quantum Diffie-Hellman
> > alternatives
> 
> Is that true? Can't one easily build it from lattices? I know lots of
> people are working on adding bits of structure to lattices to try and
> shrink and speed them up but, if you're willing to suffer large (10s
> of KBs) public values, then completely random lattices are reasonably
> mature, I think.

Interesting.  I know far less than you about them, but reactions were
rather meh on curves, probably everyone assumed speed mattered.  :) 

In principle, there is nothing wrong with huge PQ key sizes, maybe even
exceeding message size, as you only need the PQ to work once against a
PHQ adversary, after that Axolotl has you covered. 

> (PLEASE CONSULT WITH YOUR DJB, OR OTHER QUALIFIED CRYPTOGRAPHIC
> PROFESSIONAL BEFORE USING ANY PRIMITIVE DISCUSSED WITHIN THIS EMAIL.)

:)

Thanks, Jeff
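The design sketched in the message above (a large post-quantum key exchange that only has to succeed once, after which an Axolotl-style ratchet provides forward secrecy) as an added example; this is editor-supplied code, not code from the thread or from any Axolotl implementation. It assumes two inputs that are established elsewhere and are simply constructed byte strings here: `dh_secret`, the output of a classical Diffie-Hellman, and `pq_secret`, the shared secret of some post-quantum KEM (not implemented). The root key is an HKDF over the concatenation of both, so it stays secret while either input does, and the symmetric hash ratchet is a simplified version of the Axolotl chain (the DH ratchet is omitted). HKDF and HMAC-SHA256 from the standard library are the only primitives used.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand over SHA-256, stdlib only."""
    if not salt:
        salt = bytes(HASH().digest_size)
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_root_key(dh_secret: bytes, pq_secret: bytes) -> bytes:
    """Session root key (editor's assumption: a plain concatenation combiner).

    Both secrets go into the IKM, so the result stays unpredictable as long as at
    least one of them is unknown: a quantum adversary who later recovers
    dh_secret still cannot derive the root key without pq_secret, and the large
    PQ value only has to be transmitted once, at session start.
    """
    return hkdf(dh_secret + pq_secret, salt=b"", info=b"hybrid-root-key")


class SymmetricRatchet:
    """Axolotl-style hash ratchet (simplified; no DH ratchet).

    Each step derives a message key from the chain key and then replaces the
    chain key with a one-way function of itself, so a chain key captured at
    step n yields keys n, n+1, ... but none of the keys derived before it.
    """

    def __init__(self, chain_key: bytes):
        self._ck = chain_key
        self.step = 0

    def next_message_key(self) -> bytes:
        mk = hmac.new(self._ck, b"\x01", HASH).digest()   # message key for this step
        self._ck = hmac.new(self._ck, b"\x02", HASH).digest()  # advance, old ck is gone
        self.step += 1
        return mk

    def export_state(self) -> bytes:
        """What an adversary would obtain from a device compromise at this step."""
        return self._ck


def run_session(dh_secret: bytes, pq_secret: bytes, n_messages: int = 4):
    """Both endpoints derive the same root key and chain; returns (alice_keys, bob_keys)."""
    root = hybrid_root_key(dh_secret, pq_secret)
    alice = SymmetricRatchet(hkdf(root, salt=b"", info=b"chain-key"))
    bob = SymmetricRatchet(hkdf(root, salt=b"", info=b"chain-key"))
    return ([alice.next_message_key() for _ in range(n_messages)],
            [bob.next_message_key() for _ in range(n_messages)])


def keys_after_compromise(captured_chain_key: bytes, how_many: int) -> list:
    """Everything the adversary can derive from a captured chain key: only future keys."""
    r = SymmetricRatchet(captured_chain_key)
    return [r.next_message_key() for _ in range(how_many)]


if __name__ == "__main__":
    # Constructed sample secrets standing in for real DH and KEM outputs.
    dh, pq = b"\x11" * 32, b"\x22" * 32
    a_keys, b_keys = run_session(dh, pq, 3)
    print("endpoints agree:", a_keys == b_keys)
    # Quantum adversary knows dh, guesses pq wrong: root key does not match.
    print("DH-only attacker gets root key:",
          hybrid_root_key(dh, b"\x00" * 32) == hybrid_root_key(dh, pq))
    # Device compromise after message 0: earlier message key is not recoverable.
    r = SymmetricRatchet(hkdf(hybrid_root_key(dh, pq), b"", b"chain-key"))
    k0 = r.next_message_key()
    print("k0 recoverable from later state:",
          k0 in keys_after_compromise(r.export_state(), 8))
```

The forward-secrecy check at the end is deliberately the weak half of the story: the hash chain protects keys derived before a compromise, but, exactly as the message says, it relies on the one-time root key having been established against a quantum adversary in the first place, which is why the PQ secret goes into the root key rather than into any later ratchet step.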



