[Cryptography] Has there been any good cryptanalysis of FourQ yet?
jon at callas.org
Fri Oct 27 01:46:22 EDT 2017
> On Oct 25, 2017, at 10:53 PM, Bill Cox <waywardgeek at gmail.com> wrote:
> It was announced back in 2015 <https://www.microsoft.com/en-us/research/publication/fourq-four-dimensional-decompositions-on-a-q-curve-over-the-mersenne-prime/>. Back then, AFAIK, it was still lacking constant-time implementations, so it was not really possible to benchmark. Now they've got constant-time code for several variants of ARM, as well as x86 <https://github.com/Microsoft/FourQlib>. There is also an IETF draft for standardization <https://tools.ietf.org/html/draft-ladd-cfrg-4q-00>, though I understand that does not mean much on its own.
> My Haswell laptop says it takes only 50,664 CPU cycles for compressed point multiplication, which should only be around 17 µs. In contrast, my laptop takes about 100 µs to perform a NIST P-256 point multiplication.
> Do we think this algorithm is secure? Is it growing up?
I will simply note that you wrote a post about performance, and then asked if it's secure.
You tell me. Is 17µs secure enough for you?