A gentle introduction to isogeny-based cryptography [pdf]

[jaymzcampbell]

My group theory is far too rusty to gather what is really going on here, but having looked at the Wikipedia article on SIDH the reason this might be of particular interest is it is a "post quantum" crypto algo - i.e. thought to be secure against attack using a quantum computer.

[eximius]

That is the only reason it is interesting, I think. It is likely inferior in basically every other way.

NTRU is likely the most accessible post-quantum crypto as it resembles RSA on convolution polynomials, if you squint at it. It's security is based off of Lattices (integer coefficient subspaces).

This one looks like it requires only a (slightly advanced) undergraduate level in group theory, but there are big gaps from being just slides. Of course, I could actually only think I understand it and be completely wrong. ;)

[IncRnd]

What would have been good to call out on the Diffie-Hellman Instantiations slide is that SIDH supports forward secrecy.

[eximius]

Isn't that more a property of the protocol than the underlying crypto? What DH exchange can't support forward secrecy?

[IncRnd]

Agreed, but the distinction you draw between kex and keys doesn't exist on the slide, which was my point. I could have worded that better.

The slide I referred to mentioned the instantiations, not all of which provide pfs.

[josephv]

Not gentle

[durumcrustulum]

This was given at an academic crypto conference, it would be considered gentle-ish for that audience, not hacker news.

[cmrx64]

Might be more gentle with the speaker actually presenting, instead of just slides :)

[Chaebixi]

Maybe a bit more gentile to an audience of cryptographers.

http://www-users.math.umn.edu/~math-sa-sara0050/space16/sche...

http://www-users.math.umn.edu/~math-sa-sara0050/space16/sche...

[eximius]

Do we have a link to the talk?

[IncRnd]

This paper may be helpful until then. http://eprint.iacr.org/2016/413.pdf