
CECPQ1 results - arkadiyt
https://www.imperialviolet.org/2016/11/28/cecpq1.html
======
Panino
Thank you for doing this experiment!

> [W]e did not find any unexpected impediment to deploying something
> like NewHope. There were no reported problems caused by enabling it.

It's great to have this data.

Minor question: I assume CECPQ1 stands for something like Concatenated
Elliptic Curve w/ Post-Quantum #1, right?

Bigger question: will there be a CECPQ2 experiment? I really hope so! Based on
how CECPQ1 was constructed (X25519+NewHope), and how this experiment was
executed, I'd love to see Google continue playing an active role in PQ
experimentation.

~~~
agl
No plans for a CECPQ2 at the moment, although I believe that the general
structure of running both an EC and PQ key agreement concurrently is likely a
good idea in the future until time gives us better confidence in the PQ half.

I'm hoping that we'll have some consensus in a year or two on a good candidate
PQ algorithm that we can get deployed across several implementations. It might
be very similar to NewHope, or perhaps Shor et al will break lattices in
general :)

(C in CECPQ1 was "combined".)

------
problems
Holy shit, this is potentially huge.

Any good "Cryptography Engineering"-style post on this NewHope algorithm
explaining what it does and its limitations? Any reason not to get excited
about this being done in a practical application?

~~~
hannob
Watch this video:
[https://www.youtube.com/watch?v=X6V1N64eEuc](https://www.youtube.com/watch?v=X6V1N64eEuc)

I learned quite a lot. It's from one of NH's inventors (Peter Schwabe aka
cryptojedi).

------
hannob
I'm a bit disappointed that Google is finishing this experiment so early.

I think there are good arguments to deploy postquantum-ecc-hybrid schemes
today. If quantum computers are only 10-15 years away, which some scientists
think, then there is a legitimate interest to protect today's communication
against future adversaries.

Therefore I would've liked to see something like CECPQ1 as a preliminary
cipher suite that gets used for a couple of years until we have something
better.

