[Cryptography] Has there been any good cryptanalysis of FourQ yet?

Bill Cox waywardgeek at gmail.com
Thu Oct 26 01:53:32 EDT 2017


It was announced back in 2015
<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiCs_-0yo3XAhVSwWMKHaanC3cQFggoMAA&url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fresearch%2Fpublication%2Ffourq-four-dimensional-decompositions-on-a-q-curve-over-the-mersenne-prime%2F&usg=AOvVaw3ki9O5UGTvIxmcJEDgcevi>.
Back then, AFAIK, it was still lacking constant-time implementations, so it
was not really possible to benchmark.  Now they've got constant-time code
for several variants of ARM, as well as x86
<https://github.com/Microsoft/FourQlib>.  There is also an IETF draft for
standardization <https://tools.ietf.org/html/draft-ladd-cfrg-4q-00>, though
I understand that does not mean much on its own.

My Haswell laptop says it takes only 50664 CPU cycles for compressed point
multiplication, which should only be around 17us.  In contrast, my laptop
takes about 100us to perform a NIST P256 point multiplication.

Do we think this algorithm is secure?  Is it growing up?

Bill