taler
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] G the generator

From: Christian Grothoff
Subject: Re: [Taler] G the generator
Date: Sat, 03 Oct 2015 16:42:32 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 
On 10/03/2015 04:40 PM, Luis Ressel wrote:
> On Sat, 03 Oct 2015 16:23:28 +0200
> Fabian Kirsch <address@hidden> wrote:
> 
>> Hi all,
>>
>> i hope we can lift the protocol description to an abstraction-level 
>> where we do not need to restrict ourselves to
>>
>> * the existence of a group generator,
>> * the use of RSA,
>> * the use of Elliptic curves
>>
>> Of course the implementation has to use these. But the
>> crypto-*design* should just require
>> "any asymetric encryption scheme with a public and a private key that 
>> allows blind signatures and
>> either DH-Keygen or ElGammal-Encryption".
>>
>> In that way taler's crypto would not need reevaluation with each news
>> in the crypto field.
>>
> 
> I agree it'd be helpful to abstract the paper in this regard.
> 
> I've got a related question: Why is Taler using Chaum's RSA-based blind
> signature protocol? I'm not an expert, but there seem to be some ECC
> approaches as well; they typically reduce computation effort and
> key/signature size, but require three-pass protocols and might've
> undergone less cryptographic scrutiny.

We looked into those, and they were either outright broken, or way more
expensive or both. So after much discussion, we decided that RSA was
still the way to go.

-Christian

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]