[tor-bugs] #24990 [Core Tor/Tor]: Write a proposal for a post-quantum lattice KEX
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 23 23:36:19 UTC 2018
#24990: Write a proposal for a post-quantum lattice KEX
--------------------------+------------------------------------------------
Reporter: isis | Owner: (none)
Type: task | Status: new
Priority: Medium | Milestone:
Component: Core | Version:
Tor/Tor |
Severity: Normal | Keywords: proposal cryptography post-quantum
Actual Points: | Parent ID: #24985
Points: | Reviewer:
Sponsor: Sponsor3 |
--------------------------+------------------------------------------------
As part of #24985, we'll need a solid, reviewed proposal for which post-
quantum key exchange we intend concretely to use.
My current idea for the key exchange is to use q=12289 and n=1024 (the
lattice parameters from [https://eprint.iacr.org/2015/1092 NewHope] and
other designs), along with the constant-time sampling protections I
devised while working on
[https://gitweb.torproject.org/torspec.git/tree/proposals/270-newhope-
hybrid-handshake.txt prop#270], ripping out the Voronoi-cell based
reconciliation mechanism and instead using a variant of the XE5
reconciliation from the NIST [https://mjos.fi/hila5/ HILA5] submission
(possibly tuning down the failure probability by increasing the noise,
which raises the security level, since our key exchange is interactive and
thus we don't care about having the 2^-128^ failure probability which
allows HILA5 to be used for public key encryption schemes).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24990>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list