[noise] Post Quantum SIDHp751 with Noise
Rhys Weatherley
rhys.weatherley at gmail.com
Fri Jul 22 14:41:51 PDT 2016
The "sidh" branch in Noise-C now contains a back-end for SIDHp751, for
testing and evaluation, using Microsoft's MIT-licensed reference code [1],
paper [2].
SIDHp751 is a full Diffie-Hellman scheme, supporting both ephemeral and
static public keys, so all Noise handshake patterns are possible. I've
added a page to the wiki [3] providing the details. There are some
suggestions there as to how to modify the Noise specification to better
accommodate post-quantum algorithms.
This is a "pure" Noise integration with a fully post-quantum handshake. As
we have discussed earlier, mixing classical and post-quantum is much
better. I did this experiment mostly to confirm that an SIDH-style
algorithm is capable of anything that 25519/448 can do.
The main catch is the speed, or lack thereof. On my machine, I get around
65 keypair generations per second with the x86-64 assembly back-end (20 per
second with the plain C version). This is compared to around 9000 per
second for the plain C New Hope reference code [/proc/cpuinfo sez: Intel(R)
Core(TM) i7-3770 CPU @ 3.40GHz].
If we are looking to only add post-quantum forward secrecy to Noise at the
moment, New Hope looks like the better bet.
Cheers,
Rhys.
[1] https://www.microsoft.com/en-us/download/details.aspx?id=52438
[2] https://eprint.iacr.org/2016/413.pdf
[3] https://github.com/noiseprotocol/noise_wiki/wiki/Post-Quantum-Noise-with-SIDHp751