[Taler] post-quantum blinding in the refresh protocol


From: Jeff Burdges
Subject: [Taler] post-quantum blinding in the refresh protocol
Date: Wed, 24 Feb 2016 19:26:23 -0800

I've found a hiccup in the blinding of the refresh protocol:

At least in the paper, the transfer public key T_p is submitted to the
exchange/mint before the cut-and-choose.  A quantum computer could break
either T_p or C_p to identify the coin's unblinded key, and save it to
later link transactions.

We could just mark it as a weakness in the paper and suggest that anyone so
concerned about quantum attacks modify their wallet as follows:

Add an option for post-quantum transactions to the wallet.  In post-quantum
transactions, wallets may only use coins fresh from the reserve, and try harder
to minimize change.  Any coins tainted by a post-quantum transaction are never
refreshed; instead they are either abandoned or donated to a random charity.

In addition, the exchange/mint should be configured to allow change that is 
small relative to the total value to be deposited to an anonymous reserve, 
possibly paying the maximal tax rate.

Best,
Jeff
