[cookiengineer]

> paper: https://eprint.iacr.org/2022/975.pdf

Does this mean that probably all SIDH key exchanges are affected?

What about TOR? Do we have to assume that key exchanges can be intercepted and recovered?

A RUSTSEC advisory was already published and they removed all SIDH algorithms there [1]

[1] https://rustsec.org/advisories/RUSTSEC-2022-0045.html

[tptacek]

Does Tor use SIKE/SIDH? The proposals I've seen for PQC Tor all seem to run a PQC construction alongside a conventional one (the only sane way to do this right now), and so, no, a break in the PQC wouldn't let you recover sessions.

Yes, this impacts all of SIDH.