Opened 3 years ago

Last modified 2 years ago

#24990 new task

Write a proposal for a post-quantum lattice KEX

Reported by: isis Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: proposal, cryptography, post-quantum, needs-proposal, 035-roadmap-master, 035-triaged-in-20180711
Cc: chelseakomlo Actual Points:
Parent ID: #24985 Points:
Reviewer: Sponsor: Sponsor3


As part of #24985, we'll need a solid, reviewed proposal for which post-quantum key exchange we intend concretely to use.

My current idea for the key exchange is to use q=12289 and n=1024 (the lattice parameters from NewHope and other designs), along with the constant-time sampling protections I devised while working on prop#270, ripping out the Voronoi-cell based reconciliation mechanism and instead using a variant of the XE5 reconciliation from the NIST HILA5 submission (possibly tuning down the failure probability by increasing the noise, which raises the security level, since our key exchange is interactive and thus we don't care about having the 2-128 failure probability which allows HILA5 to be used for public key encryption schemes).

Child Tickets

Change History (7)

comment:1 Changed 2 years ago by nickm

Keywords: needs-proposal 035-roadmap-proposed added

comment:2 Changed 2 years ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 2 years ago by nickm

Keywords: 035-roadmap added; 035-roadmap-proposed removed

comment:4 Changed 2 years ago by chelseakomlo

Cc: chelseakomlo added

comment:5 Changed 2 years ago by nickm

Keywords: 035-roadmap-master added; 035-roadmap removed
Milestone: Tor: unspecifiedTor: 0.3.5.x-final

comment:6 Changed 2 years ago by nickm

Keywords: 035-triaged-in-20180711 added

comment:7 Changed 2 years ago by nickm

Milestone: Tor: 0.3.5.x-finalTor: unspecified

We won't get PQ or wide-create done in this release. :/

Note: See TracTickets for help on using tickets.