although various post-quantum crypto ratchet constructions are possible... i think it would be a significant improvement to use elliptic curve crypto to implement forward secure mixes as described in https://www.freehaven.net/anonbib/cache/Dan:SFMix03.pdf
note that this task is low priority because our primary defense against compulsion attacks and key compromise is frequent mix key rotation every 3 hours.
although various post-quantum crypto ratchet constructions are possible... i think it would be a significant improvement to use elliptic curve crypto to implement forward secure mixes as described in https://www.freehaven.net/anonbib/cache/Dan:SFMix03.pdf
note that this task is low priority because our primary defense against compulsion attacks and key compromise is frequent mix key rotation every 3 hours.