This looks interesting: https://eprint.iacr.org/2016/413.pdf https://research.microsoft.com/en-us/projects/sidh/
As I understand it, it's an elliptic curve approach to post-quantum security. Some advertised benefits: - Gives a DH function and apparently allows reuse of DH keypairs (e.g. ephemeral-static DH, static-static DH), so allows protocols similar to current ECDH (though the public-key validation to make this safe roughly doubles the cost of the DH). - There's a hybrid mode where a more traditional ECDH is integrated (though I'm not sure whether this is significantly better than just performing a 25519 or something alongside the SIDH, and hashing the results). Reasonable-sized keys (< 1KB). Performance seems a couple orders of magnitude above a well-optimized 25519, but that's not horrible for some cases. And perhaps there's room for more optimization? Trevor _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves