[messaging] X3DH
Trevor Perrin
trevp at trevp.net
Wed Nov 9 14:26:56 PST 2016
On Tue, Nov 8, 2016 at 11:33 AM, stef <s at ctrlc.hu> wrote:
> On Fri, Nov 04, 2016 at 07:28:10PM -0700, Trevor Perrin wrote:
>> A spec for the "X3DH" key agreeement protocol used in Signal is
>> available at [1].
>>
>> We'd welcome feedback. Eventually we should take spec discussion to a
>> more specific venue, but hopefully this list doesn't mind for now.
>
> how about a simple post-quantum extension to this protocol ala cecpq1? like this:
>
> 1. besides the prekey, bob also publishes the public part of newhope_keygen,
> preferably also signed by the IKB.
Hi,
That's not crazy. But there's plenty of debate about relative merits
and parameter choices for post-quantum key exchange, even just looking
at lattice crypto (LWE, Ring-LWE, NTRU, NTRU Prime, etc).
I'm hoping the situation is clearer a year or so from now.
Trevor
More information about the Messaging
mailing list