After following a discussion on the Tor mailing list I saw something disturbing:
Yawning Angel transcribed 3.0K bytes:
On Sat, 18 Feb 2017 14:07:40 +0530
Jaskaran Singh wrote:
I’m particularly interested to work on making TOR Handshakes
Post-Quantum Safe. I feel that this should be implemented at the
earliest because adversaries could store the network traffic and
decrypt it later on using Quantum Computers when they’re invented.
So there’s good news and bad news.
The good news is that PQ handshake stuff will happen, sooner rather
The bad news is that work on it is ongoing, and it does not make a
good GSOC project because, the bulk of the implementation work will
likely happen before the summer.
- Implement the NewHope-Simple algorithm because we’ll not be able
to use the Vanilla NewHope as it is protected by some patents. I
wasn’t able to find any implementation of NewHope Simple. So can the
Vanilla NewHope Implementation be tweaked to convert it into NewHope
Simple? Or would we have to write it from ground up? I don’t know
about the patent laws regarding it.
I haven’t talked to Peter in a while (and will ask him after I send
this), but I am not aware of any patent claims against the vanilla
NewHope algorithm (and the NewHope-Simple paper does not mention this
at all either).
Sorry, I’m being deliberately vague about this because I don’t want to feed
the patent trolls or provide a weapon to anyone who wants to fight against
good crypto, but the patent exists, and it affects nearly all lattice-based
handshakes. NewHope simple is not affected.
My (ongoing, but Nick asked me to stop last summer until there was funding
for it) work on integrating standard NewHope is here:
Ⓐ isis agora lovecruft
It seems lattice-based quantum crypto has been tied down by patent trolls. How will this affect SAFE?