[Cryptography] Future GPG/PGP

Rællic Systems director at raellic.com
Tue Oct 6 09:45:51 EDT 2015


I was looking through list archives and saw the thread about future GPG/PGP (http://www.metzdowd.com/pipermail/cryptography/2015-September/026602.html).

In particular, the SC4 project (https://github.com/Spark-Innovations/SC4) looks interesting because I've been working on similar concepts for an encrypted messaging system: https://r.raellic.com/raellic/

The latest encryptor is a custom implementation of Serpent, OCB, and Skein with live script file validation handled through a SHA-256 library.  RSA-style key exchange or manually shared passphrases.  Please forgive all the hacks in the scripts, as well as the fact that it isn't open source at this time; I've simply spent too much.  But I may have to open source it in the future due to the cost I would otherwise incur for a commercial OCB license.

One question I've asked on IRC but have no answer to is whether I should spend the money to implement a Ring Learning With Errors key exchange.  RLWE seems like a great idea, but I think it's pointless to put in the effort for RLWE if the attacker manages to capture the private key by pausing an HTTP request and altering the script files before they reach the user.  Although live SHA-256 script file validation against published hashes mitigates that issue, it isn't a perfect solution.

Anyway, would an RLWE implementation in JavaScript be of interest to anyone here?  I would appreciate any comments.

Thanks,

Andrew Watters

-
Director
Rællic Systems
director at raellic.com
https://r.raellic.com
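
The SHA-256 script file validation against published hashes mentioned in the message could be sketched as follows. This is an added example, not code from the post or from the system it describes. The file names, the manifest layout and the `validateScripts` function are assumptions, and the manifest is assumed to reach the user over a channel separate from the scripts.

```javascript
// Added example: fail-closed check of received script files against published SHA-256 hashes.
const { createHash } = require("crypto");

const sha256Hex = (bytes) => createHash("sha256").update(bytes).digest("hex");

// Constructed sample: the script files as published (names and bodies are hypothetical).
const published = {
  "encryptor.js": Buffer.from("function encrypt(msg, key) { /* ... */ }\n"),
  "keyexchange.js": Buffer.from("function exchange(peerKey) { /* ... */ }\n"),
};

// Hypothetical manifest format: { fileName: lowercase hex SHA-256 }.
// Assumed to be obtained over a channel separate from the scripts themselves.
const manifest = Object.fromEntries(
  Object.entries(published).map(([name, body]) => [name, sha256Hex(body)])
);

// Returns { ok, failures }. Any missing, unlisted or mismatching file fails the
// whole set, so the caller never runs a partially validated bundle.
function validateScripts(received, manifest) {
  const failures = [];
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  for (const name of Object.keys(manifest)) {
    if (!has(received, name)) {
      failures.push({ name, reason: "missing" });
    } else if (sha256Hex(received[name]) !== manifest[name].toLowerCase()) {
      failures.push({ name, reason: "hash mismatch" });
    }
  }
  for (const name of Object.keys(received)) {
    if (!has(manifest, name)) failures.push({ name, reason: "not in manifest" });
  }
  return { ok: failures.length === 0, failures };
}

// Constructed sample: one file changed between server and user.
const altered = {
  ...published,
  "encryptor.js": Buffer.concat([published["encryptor.js"], Buffer.from("// changed in transit\n")]),
};

console.log(validateScripts(published, manifest)); // intact bundle
console.log(validateScripts(altered, manifest));   // altered bundle
```

The result is only as trustworthy as the code that performs the check: a validator delivered over the same channel as the scripts can be altered along with them.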


