On Sun, 17 Sep 2017 21:04:28 -0400
Nick Mathewson wrote:
> I think the first step here is to instrument relays to figure out what
> fraction of their cryptography is relay cell cryptography: this could
> tells us what slowdown we should expect. (It _should_ be about a
> third of our current cell
On Sat, Sep 2, 2017 at 4:16 AM, Peter Schwabe wrote:
> Yawning Angel wrote:
>
>
> Hi Yawning, hi all,
>
>> Note, I'm not hating on Farfalle, I need to look at it more, and the
>> last time I gave serious thought to this question in a Tor context was
>> back around the time Prop 261 was being draf
Yawning Angel wrote:
Hi Yawning, hi all,
> Note, I'm not hating on Farfalle, I need to look at it more, and the
> last time I gave serious thought to this question in a Tor context was
> back around the time Prop 261 was being drafted.
>
> The answer to this from my point of view is "not slow
On Tue, 22 Aug 2017 20:47:06 +0200
Peter Schwabe wrote:
> Yawning Angel wrote:
>
> Hi Yawning, hi all,
>
> > Ultimately none of this matters because Prop. 261 is dead in the
> > water. Assuming people want the new cell crypto to be both fragile
> > and to resist tagging attacks, Farfalle may b
Yawning Angel wrote:
Hi Yawning, hi all,
> Ultimately none of this matters because Prop. 261 is dead in the
> water. Assuming people want the new cell crypto to be both fragile and
> to resist tagging attacks, Farfalle may be a better choice, assuming
> there's a Keccak-p parameterization such
On Sun, 20 Aug 2017 16:32:17 +
Taylor R Campbell wrote:
> > ... I'm not seeing your point. Even prior to that paper, AEZ
> > wasn't thought to be quantum resistant in anyway shape or form, and
> > providing quantum resistance wasn't part of the design goals of the
> > primitive, or really wh
> Date: Sat, 19 Aug 2017 06:55:29 +
> From: Yawning Angel
>
> On Sat, 19 Aug 2017 04:11:16 -
> ban...@openmailbox.org wrote:
> > Boom headshot! AEZ is dead in the water post quantum:
> >
> > Paper name: Quantum Key-Recovery on full AEZ
> >
> > https://eprint.iacr.org/2017/767.pdf
>
> .
On Sat, 19 Aug 2017 04:11:16 -
ban...@openmailbox.org wrote:
> Boom headshot! AEZ is dead in the water post quantum:
>
> Paper name: Quantum Key-Recovery on full AEZ
>
> https://eprint.iacr.org/2017/767.pdf
... I'm not seeing your point. Even prior to that paper, AEZ wasn't
thought to be q
If I understand correctly, DJB describes how NTRU-Prime is more robust against
certain attack classes that Ring-LWE is more prone to:
https://twitter.com/hashbreaker/status/880086983057526784
***
About two months later DJB releases a streamlined version of NTRU-Prime that is
faster, safer and