On Tue, 17 May 2016 17:49:46 +0000 (UTC) lukep lukep@tutanota.com wrote:
[snip]
In other words, I'd expect our future trust in Ring-LWE and SIDH to evolve in different ways. And counting papers will not be informative.
Yeah probably. I can envision having no choice but to use SIDH sometime in the future (or vice versa). It's an evolving field, and my current mindset is "pick one or two that probably won't kill the network (CPU/network/whatever)", integrate it in a way that is easy to switch at a later point, and deploy it.
The important thing now is surely to get the protocol right so that we can slot algorithms in or out (then pick one or two that we actually want to integrate)
The relevant proposals here would be:
https://gitweb.torproject.org/torspec.git/tree/proposals/264-subprotocol-ver... https://gitweb.torproject.org/torspec.git/tree/proposals/249-large-create-ce...
With emphasis on the 264, since that's probably how link handshake crypto support will be signified.
Regards,