14:15:22 plus maybe, if the interactive protocol allows for a computationally cheaper transaction, it opens the door to promote the interactive protocol for use on phones, allowing the non-interactive protocol to be computationally heavy (with the assumption that you are performing the transaction while sitting on your arse in front of your more capable computational device).
20:15:34 @freeman:cypherstack.com > <@luke:cypherstack.com> I agree with Rucknium's comment of potentially waiting for more PQ options. Isogeny based schemes make me nervous.
20:17:08 Which ones? I had many (controversial, I’m sure) thoughts to share > <@intr:unredacted.org> out of curiosity, have Freeman Slaughter's comments from that MoneroTopia episode been addressed before?
20:18:13 Yeah, I would REALLY like to know where the idea of considering isogenies came from > <@luke:cypherstack.com> I agree with Rucknium's comment of potentially waiting for more PQ options. Isogeny based schemes make me nervous.
20:26:10 Like CSIDH is really only about 5 years old, ish? After the devastating attack on SIDH, its predecessor, many PQ cryptographers lost trust in isogenies, since they were left rather scrambling to find alternative assumptions. It's a bit too new to really be confident in imo.
20:28:34 Most sigs have a natural tradeoff between sig size and pubkey. Isogenies, which do well in both regards, make me wonder when it's just too good to be true. See this Sig Zoo: SQISign is in the lower left https://pqshield.github.io/nist-sigs-zoo/
20:30:04 Well for example I found the comments on forward secrecy w.r.t. quantum resistance very interesting. I should note however that, while I can understand the concepts, I am not at all a cryptographer. > <@freeman:cypherstack.com> Which ones? I had many (controversial, I’m sure) thoughts to share
20:47:04 Hi
20:47:36 https://mrelay.p2pool.observer/m/cypherstack.com/zigbhSzAoXKLixMtayeJksCa.pdf (FCMP_Function_Analysis_-_Part_1.pdf)
20:47:42 Weeks of work. Here's most of our code review.
20:48:14 Missing sections 10-12 that are listed in the table of contents. That's coming soon.
20:48:44 But we figured we'd let people poke around our findings in the meantime.
20:55:13 @intr:unredacted.org: Many people conflate these, but they’re independent concepts. A cryptosystem can be forward-secret, but still broken efficiently by a quantum computer. Often, I see devs say “we’re forward-secret, so now we can boast about quantum resistance!!” which is not a correct conclusion
20:58:25 Forward secrecy only protects keys, not ciphertexts, and the encryption algorithm itself may be broken by quantum computers
21:06:20 Thank you! This is excellent, I'm reviewing now > <@diego:cypherstack.com> https://mrelay.p2pool.observer/m/cypherstack.com/zigbhSzAoXKLixMtayeJksCa.pdf (FCMP_Function_Analysis_-_Part_1.pdf)
21:11:49 > Section 6.1
21:11:49 > The purpose of torsion clearing is to make sure that we do not accidentally fall into the small subgroup of order 8 which this curve will have, as many of the security properties guaranteed by using ED25519 degrade to nothing if the chosen point is not in the larger subgroup of order l.
21:11:49 This kind of misses the point, we should avoid operating on points with composite order too. We also want to avoid points of order 2l, 4l, and 8l, even though those are larger than l
21:12:23 Any subgroup which is not both large and composite means that security analysis kind of breaks down
21:27:19 An error occurred while downloading this file M_NOT_FOUND: MatrixError: [404] Not found (https://matrix-client.matrix.org/_matrix/media/v3/download/cypherstack.com/zigbhSzAoXKLixMtayeJksCa?allow_redirect=true) > <@diego:cypherstack.com> https://mrelay.p2pool.observer/m/cypherstack.com/zigbhSzAoXKLixMtayeJksCa.pdf (FCMP_Function_Analysis_-_Part_1.pdf)
22:41:20 E8 does not capture all torsioned points. For example, (22113108604418711654834380141479978215903647889537852118684209480418, 3) is a point with order 8l > <@diego:cypherstack.com> https://mrelay.p2pool.observer/m/cypherstack.com/zigbhSzAoXKLixMtayeJksCa.pdf (FCMP_Function_Analysis_-_Part_1.pdf)
22:42:50 (12177942374254781395273543394244155341214891527979665950569640045870, 4) is a point with order 4l
22:46:00 (9866481179189277076924550330318288218146948388166974851572505686024, 9) is a point with order 2l