Hi folks,
Replying to DJB's email but not really in direct response to him.
I'm not a cryptographer and don't have a strong opinion on the
technical merits of X-wing in particular, but I've been following
this thread (lots of messages) and was hoping to try to summarize
what I think is common gro
Ilari Liusvaara writes:
> Security review of X-wing only needs to be done once.
"Of course we hope that any particular piece of security review can be
done just once and that's the end of it (OK Google, please read once
through the Chrome source code and remove the buffer overflows), but the
bigge
On Sat, Jan 27, 2024 at 02:56:45PM -, D. J. Bernstein wrote:
> David Benjamin writes:
> > No more heavily parameterized algorithms. Please precompose them.
> >
> > Once you precompose them, you may as well take advantage of properties
> > of the inputs and optimize things.
>
> In my implemento
David Benjamin writes:
> No more heavily parameterized algorithms. Please precompose them.
https://cr.yp.to/papers.html#coolnacl explains advantages of providing
precomposed parameter-free bundles to the application. The current
discussions are about specific proposals for such bundles (or at leas
