Hacker News new | ask | show | jobs
by Ar-Curunir 3634 days ago
The new key exchange is based on lattice cryptography, which is conjectured to be quantum resistant. The precise assumption is RLWE.
1 comments
cm3 3634 days ago
Thanks, and yes, I've read about what hardness assumption is used.

My confusion is about what pieces are concatenated. Is the same input processed twice (different ciphers) and then concatenated, which is then the generated key?

link
tptacek 3634 days ago
The outputs of an RLWE and ECDH handshake are both fed into the TLS KDF.
link
cm3 3634 days ago
Thanks for the info. May I ask if you figured that out from the blog or BoringSSL code?
link
pbsd 3634 days ago
The hybrid ciphersuite idea comes from [1, Section 5.2], though you could also chalk it up to common sense. I don't think the blog spells out how it's done.

[1] https://eprint.iacr.org/2014/599

link
wolf550e 3633 days ago
Adam Langley answered this on HN: https://news.ycombinator.com/item?id=12051438
link