On Fri, Apr 29, 2016 at 1:22 PM, lvh <_...@lvh.io> wrote:
> I think we’re still an incredible amount of research away from having this
> be something you can realistically use in production environments (granted;
> you don’t have to care much until you actually care about PQ crypto). In
> particular, the inability to verify that your DH mixed inputs aren’t
> malicious is a serious problem.
What's nice about SIDH is it's amenable to easily running side by side with e.g. Curve25519 (and putting both shared secrets into a KDF or something like that). You can rely on Curve25519 for security today, and maybe just maybe SIDH will continue to provide confidentiality in a hypothetical post-quantum world.

--
Tony Arcieri
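The side-by-side construction described above, as an added example that is not code from this thread: X25519 per RFC 7748 in plain Python (using the RFC's section 6.1 test keys so the result is checkable) and an HKDF combiner that takes the Curve25519 shared secret together with a second shared secret. SIDH itself is not implemented; a constructed 32-byte value stands in for its shared secret, and the KDF info label is likewise a constructed one.

```python
import hashlib
import hmac

P = 2**255 - 19  # Curve25519 field prime

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 (RFC 7748 section 5) in plain Python, not constant-time:
    for illustration only; production code uses a vetted library."""
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp scalar
    scalar = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)     # ignore top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                             # Montgomery ladder
        kt = (scalar >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(ikm: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), extract then expand, for one 32-byte block."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def hybrid_key(ss_classical: bytes, ss_pq: bytes) -> bytes:
    """One KDF over both shared secrets: the key stays secret if either exchange
    does. Length prefixes and a constructed info label make the input unambiguous."""
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in (ss_classical, ss_pq))
    return hkdf_sha256(ikm, b"hybrid-x25519-sidh-v1")

def demo() -> dict:
    """Classical half end to end with the RFC 7748 section 6.1 test keys
    (real code draws them from os.urandom(32)), then the combiner."""
    base = (9).to_bytes(32, "little")
    a_priv = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    b_priv = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    a_pub, b_pub = x25519(a_priv, base), x25519(b_priv, base)
    ss_a, ss_b = x25519(a_priv, b_pub), x25519(b_priv, a_pub)  # both sides agree
    # SIDH is not implemented here: a constructed 32-byte stand-in for the
    # shared secret both parties would have derived from the SIDH exchange.
    ss_sidh = hashlib.sha256(b"constructed SIDH shared-secret stand-in").digest()
    return {"x25519": ss_a, "match": ss_a == ss_b, "key": hybrid_key(ss_a, ss_sidh),
            "key_other_sidh": hybrid_key(ss_a, bytes(32))}  # differs: both inputs count
```

If the real SIDH value were substituted for the stand-in, the combined key would change while the X25519 half stays the same, which is the property the combiner is relying on.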
_______________________________________________
Curves mailing list
Curves@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/curves