> Because SIDH is still new and unproven, the TLS integration performs a hybrid key exchange: it sends both an X25519 keyshare and an SIDH keyshare, performs both X25519 and SIDH shared secret computations, and feeds both shared secrets into the TLS key derivation mechanism. This ensures that even if SIDH turns out to be broken, the key agreement is at least as secure as X25519.

This is the critical bit, and the same thing that Google did with their post-quantum crypto experiment: make it an additional layer of defense-in-depth, while still using standard crypto and ensuring that you still have *at least* that much security.

> Unfortunately, this requires writing assembly, because writing high-performance arithmetic is not possible in Go — it's simply not a design goal of the language. (There are a few reasons, most notably that there's no way to directly compute the (128-bit) product of 64-bit integers.)

Can any language do this, without also calling through some library that has hand-crafted assembly in it? Will assigning the product of 2 longs in C to a long long result in the correct instructions?
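On the C question raised above, an added example (not from the quoted article or from the commenter): C multiplies in the operand type, so the high half is gone before the assignment widens the result, and the widening has to happen before the multiply. It assumes `unsigned __int128`, a GCC/Clang extension on 64-bit targets; the type and function names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit result as two 64-bit halves (illustrative type, not from the page). */
typedef struct { uint64_t hi, lo; } u128;

/* Pitfall: the multiply runs in the 64-bit operand type, so the high half is
 * already lost when the value is widened on assignment. */
static u128 mul_truncating(uint64_t a, uint64_t b) {
    unsigned __int128 r = a * b;                 /* 64-bit multiply, then widen */
    return (u128){ (uint64_t)(r >> 64), (uint64_t)r };
}

/* Widen one operand first; the compiler can then use the CPU's widening
 * multiply (for example a single MUL on x86-64) with no hand-written assembly. */
static u128 mul_wide(uint64_t a, uint64_t b) {
    unsigned __int128 r = (unsigned __int128)a * b;
    return (u128){ (uint64_t)(r >> 64), (uint64_t)r };
}

/* Portable fallback without a 128-bit type: schoolbook multiply on 32-bit
 * limbs. Branch-free, but four multiplies instead of one. */
static u128 mul_portable(uint64_t a, uint64_t b) {
    uint64_t a0 = (uint32_t)a, a1 = a >> 32;
    uint64_t b0 = (uint32_t)b, b1 = b >> 32;
    uint64_t p00 = a0 * b0, p01 = a0 * b1, p10 = a1 * b0, p11 = a1 * b1;
    /* Three terms below 2^32 each, so this sum cannot overflow 64 bits. */
    uint64_t mid = (p00 >> 32) + (uint32_t)p01 + (uint32_t)p10;
    u128 r;
    r.lo = (mid << 32) | (uint32_t)p00;
    r.hi = p11 + (p01 >> 32) + (p10 >> 32) + (mid >> 32);
    return r;
}

static void show(const char *name, u128 v) {
    printf("%-11s hi=%016llx lo=%016llx\n", name,
           (unsigned long long)v.hi, (unsigned long long)v.lo);
}

int main(void) {
    /* (2^64 - 1)^2 = 2^128 - 2^65 + 1 */
    show("truncating", mul_truncating(UINT64_MAX, UINT64_MAX));
    show("wide", mul_wide(UINT64_MAX, UINT64_MAX));
    show("portable", mul_portable(UINT64_MAX, UINT64_MAX));
    return 0;
}
```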