Opened 19 months ago

Last modified 12 months ago

#24990 new task

Write a proposal for a post-quantum lattice KEX

Reported by: isis Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: proposal, cryptography, post-quantum, needs-proposal, 035-roadmap-master, 035-triaged-in-20180711
Cc: chelseakomlo Actual Points:
Parent ID: #24985 Points:
Reviewer: Sponsor: Sponsor3

Description

As part of #24985, we'll need a solid, reviewed proposal for which post-quantum key exchange we intend concretely to use.

My current idea for the key exchange is to use q=12289 and n=1024 (the lattice parameters from NewHope and other designs), along with the constant-time sampling protections I devised while working on prop#270, ripping out the Voronoi-cell based reconciliation mechanism and instead using a variant of the XE5 reconciliation from the NIST HILA5 submission (possibly tuning down the failure probability by increasing the noise, which raises the security level, since our key exchange is interactive and thus we don't care about having the 2-128 failure probability which allows HILA5 to be used for public key encryption schemes).

Child Tickets

Change History (7)

comment:1 Changed 15 months ago by nickm

Keywords: needs-proposal 035-roadmap-proposed added

comment:2 Changed 15 months ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 14 months ago by nickm

Keywords: 035-roadmap added; 035-roadmap-proposed removed

comment:4 Changed 14 months ago by chelseakomlo

Cc: chelseakomlo added

comment:5 Changed 14 months ago by nickm

Keywords: 035-roadmap-master added; 035-roadmap removed
Milestone: Tor: unspecifiedTor: 0.3.5.x-final

comment:6 Changed 13 months ago by nickm

Keywords: 035-triaged-in-20180711 added

comment:7 Changed 12 months ago by nickm

Milestone: Tor: 0.3.5.x-finalTor: unspecified

We won't get PQ or wide-create done in this release. :/

Note: See TracTickets for help on using tickets.