2020.04.17 04:47:35 (1250979189383032833) from Daniel J. Bernstein:
Yesterday's soft deadline for #NISTPQC input has produced several interesting speed announcements. I'm biased but I think this is by far the most important: https://groups.google.com/a/list.nist.gov/d/msg/pqc-forum/wU0eKjbNB1k/pxv_J9ZrAgAJ The demo uses OpenSSL, so maybe wait until after next Tuesday's OpenSSL emergency security update.
2020.04.17 05:18:30 (1250986968495751168) from Daniel J. Bernstein:
The round-1 keygen software was 6 million cycles. By the beginning of round 2 the keygen software was 1 million cycles. Google selected ntruhrss701, which has keygen around 272000 cycles, for CECPQ2. Now sntrup761 (fewer bytes, higher security) has keygen down to 166000 cycles.
2020.04.17 05:21:48 (1250987802122006528) from Daniel J. Bernstein:
The main computational trick here is due to Peter Montgomery (who unfortunately passed away recently): you can replace N inversions with 1 inversion + 3N-3 mults by repeatedly using 1/a = b/ab, 1/b = a/ab. The new software merges inversions across a batch of 32 independent keys.
2020.04.17 05:28:04 (1250989378047848449) from Daniel J. Bernstein:
The demo includes an OpenSSL "ENGINE" that transparently inserts the fast sntrup761 keygen into an unchanged browser (and an SSL terminator for the server) built on top of OpenSSL. The browser simply requests one key at a time as usual. Other applications work the same way.
2020.04.17 05:33:39 (1250990782292492288) from Daniel J. Bernstein:
This is joint work with (in alphabetical order) Billy Bob Brumley, Ming-Shing Chen (leader for the new sntrup761 library), and Nicola Tuveri (leader for the new OpenSSL ENGINE). Paper should be coming in the not too distant future, but for the moment prioritized open-source demo.