2020.12.26 18:09:32 (1342880236174643200) from Daniel J. Bernstein, replying to "Probabilita (@kora@chaos.social) (@dakoraa)" (1342475514997583872):
Storing data encrypted and authenticated on an untrusted device (external memory, servers, ...) tends to get around space limits, yes, while raising the question of how much time is consumed by the symmetric crypto + communication. Not what public-key cryptographers want to hear.
2020.12.25 07:41:52 (1342359892082888704) from Daniel J. Bernstein:
New paper "Cryptographic competitions": https://cr.yp.to/papers.html#competitions This paper surveys procedures that have been used in cryptographic competitions, and analyzes the extent to which those procedures reduce security risks. #DES #AES #eSTREAM #SHA3 #CAESAR #NISTPQC #NISTLWC #NSA
2020.12.25 15:16:23 (1342474273944952832) from "Probabilita (@kora@chaos.social) (@dakoraa)":
Thank you! That was a fascinating read. I like how 3.8 is taking absolutely no prisoners. What I've been wondering a lot lately is why there is so much focus on performance and comparatively little on memory footprint. Esp. in relation to the PQC process…
2020.12.25 15:18:33 (1342474818155925504) from "Probabilita (@kora@chaos.social) (@dakoraa)", replying to "Probabilita (@kora@chaos.social) (@dakoraa)" (1342474273944952832):
where improved performance will decrease startup latency but not throughput. I did implement an experimental protocol using a PQ Handshake earlier this year and it wasn't fast but even on the smallest µC I could always just wait a bit longer for the handshake to finish.
2020.12.25 15:21:19 (1342475514997583872) from "Probabilita (@kora@chaos.social) (@dakoraa)", replying to "Probabilita (@kora@chaos.social) (@dakoraa)" (1342474818155925504):
Memory usage on the other hand almost stopped the project in it's track and there is little us implementors can do short of slapping on external memory and – if secured at all – encrypt that with some symmetric cipher.