[Cryptography] Has there been any good cryptanalysis of FourQ yet?

Jon Callas jon at callas.org
Fri Oct 27 01:46:22 EDT 2017


> On Oct 25, 2017, at 10:53 PM, Bill Cox <waywardgeek at gmail.com> wrote:
> 
> It was announced back in 2015 <https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiCs_-0yo3XAhVSwWMKHaanC3cQFggoMAA&url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fresearch%2Fpublication%2Ffourq-four-dimensional-decompositions-on-a-q-curve-over-the-mersenne-prime%2F&usg=AOvVaw3ki9O5UGTvIxmcJEDgcevi>.  Back then, AFAIK, it was still lacking constant-time implementations, so it was not really possible to benchmark.  Now they've got constant-time code for several variants of ARM, as well as x86 <https://github.com/Microsoft/FourQlib>.  There is also an IETF draft for standardization <https://tools.ietf.org/html/draft-ladd-cfrg-4q-00>, though I understand that does not mean much on its own.
> 
> My Haswell laptop says it takes only 50664 CPU cycles for compressed point multiplication, which should only be around 17us.  In contrast, my laptop takes about 100us to perform a NIST P256 point multiplication.
> 
> Do we think this algorithm is secure?  Is it growing up?

I will simply note that you wrote a post about performance, and then asked if it's secure.

You tell me. Is 17µs secure enough for you?

	Jon

