[tor-dev] Quantum-safe Hybrid handshake for Tor

Yawning Angel yawning at schwanenlied.me
Sun Apr 3 15:36:24 UTC 2016


On Sun, 03 Apr 2016 16:37:45 +0200
Jeff Burdges <burdges at gnunet.org> wrote:
> On Sun, 2016-04-03 at 06:52 +0000, Yawning Angel wrote:
> > Your definition of "reasonably fast" doesn't match mine.  The
> > number for SIDH (key exchange, when the thread was going off on a
> > tangent about signatures) is ~200ms.    
> 
> What code were you running?  I think the existing SIDH implementations
> should not be considered optimized.  Sage is even used in : 
> https://github.com/defeo/ss-isogeny-software  
> I've no idea about performance myself, but obviously the curves used
> in SIDH are huge, and the operations are generic over curves.  And
> existing signature schemes might be extra slow due to this virtual
> third or fourth party.  I know folks like Luca De Feo have ideas for
> optimizing operations that much be generic over curves though.  

http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf

Is "optimized" in that, it is C with performance critical parts in
assembly (Table 3 is presumably the source of the ~200 ms figure from
the wikipedia article).  As i said, i just took the performance figures
at face value.

I'm sure it'll go faster with time, but like you, I'm probably not going
to trust SIDH for a decade or so.

Regards,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160403/5be8c87a/attachment.sig>


More information about the tor-dev mailing list