[noise] Post Quantum SIDHp751 with Noise

Rhys Weatherley rhys.weatherley at gmail.com
Sun Jul 24 12:20:06 PDT 2016

On Mon, Jul 25, 2016 at 2:11 AM, Peter Schwabe <peter at cryptojedi.org> wrote:

> Probably I should just look at the code, but what validation did you
> include there? Is it the one described in the Crypto 2016 paper or the
> NSA validation? I'm asking because the one by Costello, Longa, and
> Naehrig is (as far as I understand) only against passive attackers
> (i.e., not for static keys).

I'm using the Validate_PKA() and Validate_PKB() functions from Microsoft's
reference code.  What those functions are doing behind the scenes I could
not say.

This was more an experiment on my part: can something with the structure of
SIDHp751 be integrated into Noise and how many of the Noise patterns can we
get while doing that?

The code is all off in a branch and I'm not planning to merge it into
master any time soon.  The reference code is a little messy (lots of
compiler warnings), it's slow compared to New Hope, I'm still a little iffy
as to whether using SIDH for more than ephemeral key exchanges is a good
idea, and yes the validation rules make alarms go off in my head.

When used right I'm sure it is a pretty good algorithm, but if it is hard
to use right ...


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160725/c1ef707e/attachment.html>

More information about the Noise mailing list