[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Taler] post-quantum blinding in the refresh protocol

From: Jeff Burdges
Subject: [Taler] post-quantum blinding in the refresh protocol
Date: Wed, 24 Feb 2016 19:26:23 -0800

I've found a hiccup in blinding of the refresh protocol : 

At least in the paper, the transfer public key T_p is submitted to the
exchange/mint before the cut n' choose.  A quantum computer could break
either T_p or C_p to identify the coin's unblinded key, and save it to
later link transactions. 

We could just mark it as a weakness in the paper and suggest that anyone so 
concerned about quantum attacks modify their wallet as follows:   

Add an option for post-quantum transactions to the wallet.  In post-quantum 
transactions, wallets may only use coins fresh from the reserve, and try harder 
to minimize change.  Any coins tainted by a post-quantum transactions are never 
refreshed, instead they're either abandoned or donated to a random charity.  

In addition, the exchange/mint should be configured to allow change that is 
small relative to the total value to be deposited to an anonymous reserve, 
possibly paying the maximal tax rate.


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]