[tor-dev] [proposal] RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope
isis agora lovecruft
isis at torproject.org
Sun May 22 13:44:45 UTC 2016
isis transcribed 35K bytes:
> Hello,
>
> Peter (in CC) and I have recently composed a draft proposal for a new Tor
> handshake. It's a hybrid handshake combining Tor's current X25519-based NTor
> handshake with the NewHope lattice-based key exchange, in order to protect the
> secrecy of Tor connections today from an attacker with a quantum computer in
> the future.
>
> I have not given the proposal a number. It is available in my
> `drafts/newhope` branch of my torspec repository:
>
> https://gitweb.torproject.org/user/isis/torspec.git/tree/proposals/XXX-newhope-hybrid-handshake.txt?h=draft/newhope
Boring SSL now includes a similar hybrid handshake under the name CECPQ1, [0]
which is a really horribly crappy name. No offense to the Boring developers,
but we're not that boring.
We're calling our handshake RebelAlliance, since it's an alliance between
X25519 and NewHope. The proposal has been updated to reflect this.
[0]: https://boringssl-review.googlesource.com/#/c/7962/
Best,
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160522/515e6e8a/attachment.sig>
More information about the tor-dev
mailing list