On Sun, 03 Apr 2016 16:37:45 +0200 Jeff Burdges burdges@gnunet.org wrote:
On Sun, 2016-04-03 at 06:52 +0000, Yawning Angel wrote:
Your definition of "reasonably fast" doesn't match mine. The number for SIDH (key exchange, when the thread was going off on a tangent about signatures) is ~200ms.
What code were you running? I think the existing SIDH implementations should not be considered optimized. Sage is even used in : https://github.com/defeo/ss-isogeny-software I've no idea about performance myself, but obviously the curves used in SIDH are huge, and the operations are generic over curves. And existing signature schemes might be extra slow due to this virtual third or fourth party. I know folks like Luca De Feo have ideas for optimizing operations that much be generic over curves though.
http://cacr.uwaterloo.ca/techreports/2014/cacr2014-20.pdf
Is "optimized" in that, it is C with performance critical parts in assembly (Table 3 is presumably the source of the ~200 ms figure from the wikipedia article). As i said, i just took the performance figures at face value.
I'm sure it'll go faster with time, but like you, I'm probably not going to trust SIDH for a decade or so.
Regards,