Trevor Perrin

2016-04-29 18:20:09 UTC

This looks interesting:

https://eprint.iacr.org/2016/413.pdf

https://research.microsoft.com/en-us/projects/sidh/

As I understand it, it's an elliptic curve approach to post-quantum security.

Some advertised benefits:

- Gives a DH function and apparently allows reuse of DH keypairs

(e.g. ephemeral-static DH, static-static DH), so allows protocols

similar to current ECDH (though the public-key validation to make this

safe roughly doubles the cost of the DH).

- There's a hybrid mode where a more traditional ECDH is integrated

(though I'm not sure whether this is significantly better than just

performing a 25519 or something alongside the SIDH, and hashing the

results).

Reasonable-sized keys (< 1KB). Performance seems a couple orders of

magnitude above a well-optimized 25519, but that's not horrible for

some cases. And perhaps there's room for more optimization?

Trevor

https://eprint.iacr.org/2016/413.pdf

https://research.microsoft.com/en-us/projects/sidh/

As I understand it, it's an elliptic curve approach to post-quantum security.

Some advertised benefits:

- Gives a DH function and apparently allows reuse of DH keypairs

(e.g. ephemeral-static DH, static-static DH), so allows protocols

similar to current ECDH (though the public-key validation to make this

safe roughly doubles the cost of the DH).

- There's a hybrid mode where a more traditional ECDH is integrated

(though I'm not sure whether this is significantly better than just

performing a 25519 or something alongside the SIDH, and hashing the

results).

Reasonable-sized keys (< 1KB). Performance seems a couple orders of

magnitude above a well-optimized 25519, but that's not horrible for

some cases. And perhaps there's room for more optimization?

Trevor