Not sure if this has been noted before on this thread, but the BoringSSL team is working on something very similar:
https://boringssl-review.googlesource.com/#/c/7962/
On Thu, May 19, 2016 at 1:01 PM Yawning Angel yawning@schwanenlied.me wrote:
On Tue, 17 May 2016 17:49:46 +0000 (UTC) lukep lukep@tutanota.com wrote:
[snip]
In other words, I'd expect our future trust in Ring-LWE and SIDH to evolve in different ways. And counting papers will not be informative.
Yeah probably. I can envision having no choice but to use SIDH sometime in the future (or vice versa). It's an evolving field, and my current mindset is "pick one or two that probably won't kill the network (CPU/network/whatever)", integrate it in a way that is easy to switch at a later point, and deploy it.
The important thing now is surely to get the protocol right so that we can slot algorithms in or out (then pick one or two that we actually want to integrate)
The relevant proposals here would be:
https://gitweb.torproject.org/torspec.git/tree/proposals/264-subprotocol-ver...
https://gitweb.torproject.org/torspec.git/tree/proposals/249-large-create-ce...
With emphasis on the 264, since that's probably how link handshake crypto support will be signified.
Regards,
-- Yawning Angel _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev