Re: [Taler] Clause Blind Schnorr Signatures


From: Oussema Settala
Subject: Re: [Taler] Clause Blind Schnorr Signatures
Date: Thu, 26 Sep 2019 16:29:45 +0200

I have heard Crown Sterling broke RSA (again) hahaha

On 2019-09-26 16:23, Christian Grothoff wrote:
> Interesting, albeit the paper doesn't (easily) give me some other key
> bits: do you have any idea on performance (CPU, message size)? Three
> moves _may_ not be an issue if we can integrate them with the
> refresh/reveal stages which are 3 moves already anyway --- but of course
> that would always be a major drawback for regular /withdraw operations.
> 
> Overall, my first impression is that this doesn't really improve for us
> over RSA (3 moves, still not post-quantum) and has the obvious drawback
> of being very new and thus inherently not well-studied (and quite
> complex!).  So for now, I'd not even seriously consider switching,
> unless (1) we know for some reason that RSA blind signatures were broken
> beyond the point that increasing the key size would fix it, (2) this is
> somehow extended to a post-quantum scheme and we have a quantum
> computer, or (3) unexpectedly this thing trumps RSA by a significant
> margin in size and CPU speed (for same security level) *and* it has seen
> at least a decade of intense study ;-).
> 
> My 2 cents
> 
> Christian
> 
> On 9/26/19 4:00 PM, Jeff Burdges wrote:
>>
>> There is a recent paper https://eprint.iacr.org/2019/877.pdf in section 5 of
>> which the authors produce a secure blind Schnorr signature in the algebraic
>> group model plus OMDL.  In essence, it opens parallel signing queries and
>> the signer randomly selects which to finish, which sounds fairly amenable to
>> Taler, except blind Schnorr still needs three moves, while blind RSA and
>> blind BLS only need two.
>>
>> Jeff
>>
> 

-- 
Oussema Settala
T: +491637567453
E: address@hidden


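The three moves discussed in the thread, as an added sketch that is not code from any poster, from GNU Taler, or from the cited paper: two parallel sessions are opened and the signer finishes only one, chosen at random. The toy group parameters, the standard blind Schnorr blinding used here, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def H(R, msg):
    d = hashlib.sha256(R.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(d, "big") % Q  # challenge c = H(R, m) mod Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, H(R, msg), P) % P

def signer_move1():
    """Move 1, signer to user: one nonce commitment per parallel session."""
    r = [secrets.randbelow(Q - 1) + 1 for _ in range(2)]
    return r, [pow(G, ri, P) for ri in r]

def user_move2(X, R, msg):
    """Move 2, user to signer: blind both sessions, send both challenges."""
    state, c = [], []
    for Rb in R:
        alpha, beta = secrets.randbelow(Q), secrets.randbelow(Q)
        Rp = Rb * pow(G, alpha, P) * pow(X, beta, P) % P  # blinded nonce R'
        state.append((alpha, Rp))
        c.append((H(Rp, msg) + beta) % Q)
    return state, c

def signer_move3(x, r, c):
    """Move 3, signer to user: finish only one randomly chosen session."""
    b = secrets.randbelow(2)
    return b, (r[b] + c[b] * x) % Q

def user_unblind(X, R, c, state, b, s):
    """Check the signer's answer for session b, then strip the blinding."""
    if pow(G, s, P) != R[b] * pow(X, c[b], P) % P:
        raise ValueError("signer response invalid")
    alpha, Rp = state[b]
    return Rp, (s + alpha) % Q

def blind_sign(x, X, msg):
    r, R = signer_move1()
    state, c = user_move2(X, R, msg)
    b, s = signer_move3(x, r, c)
    return user_unblind(X, R, c, state, b, s)
```

The resulting pair verifies as an ordinary Schnorr signature, while the signer only ever saw the blinded challenges from move 2.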

