
[Taler] Lattice-Based E-Cash


From: Jeff Burdges
Subject: [Taler] Lattice-Based E-Cash
Date: Fri, 18 May 2018 20:05:58 +0200

I have not actually read much of this paper, but worth mentioning its existence:
https://eprint.iacr.org/2017/856.pdf

There are good odds any PRF based scheme will encounter the minor issues 
previously discussed around Oblivious PRF schemes, as mentioned in 
https://lists.gnu.org/archive/html/taler/2017-11/msg00001.html

In this case, I think their signing primitive falls somewhere between a 
signature and a PRF, not sure, but actually obfuscating all inputs from the 
signer sounds unlikely to be information theoretically secure.  Also, I have 
not read enough to know if their zero-knowledge argument of knowledge scheme is 
information theoretically blinding.  If not for either one, then anonymity is 
technically weaker under their proposal, making it riskier if quantum computers 
are believed unlikely.  I previously highlighted this issue in 
https://lists.gnu.org/archive/html/taler/2016-06/msg00019.html

Also, the paper does stuff like deanonymize double spenders, which we know to 
be unrealistic crypto-for-crypto in the usual payment context, but that’s 
merely unnecessary and not an obstacle.

Jeff

