Re: [Taler] Clause Blind Schnorr Signatures
From: Oussema Settala
Subject: Re: [Taler] Clause Blind Schnorr Signatures
Date: Thu, 26 Sep 2019 16:29:45 +0200
I have heard Crown Sterling broke RSA (again) hahaha
On 2019-09-26 16:23, Christian Grothoff wrote:
> Interesting, albeit the paper doesn't (easily) give me some other key
> bits: do you have any idea on performance (CPU, message size)? Three
> moves _may_ not be an issue if we can integrate them with the
> refresh/reveal stages which are 3-move already anyway --- but of course
> that would always be a major drawback for regular /withdraw operations.
>
> Overall, my first impression is that this doesn't really improve for us
> over RSA (3 moves, still not post-quantum) and has the obvious drawback
> of being very new and thus inherently not well-studied (and quite
> complex!). So for now, I'd not even seriously consider switching,
> unless (1) we know for some reason that RSA blind signatures were broken
> beyond the point that increasing the key size would fix it, (2) this is
> somehow extended to a post-quantum scheme and we have a quantum
> computer, or (3) unexpectedly this thing trumps RSA by a significant
> margin in size and CPU speed (for same security level) *and* it has seen
> at least a decade of intense study ;-).
>
> My 2 cents
>
> Christian
>
> On 9/26/19 4:00 PM, Jeff Burdges wrote:
>>
>> There is a recent paper https://eprint.iacr.org/2019/877.pdf in section 5 of
>> which the authors produce a secure blind Schnorr signature in the algebraic
>> group model plus OMDL. In essence, it opens parallel signing queries and
>> the signer randomly selects which to finish, which sounds fairly amenable to
>> Taler, except blind Schnorr still needs three moves, while blind RSA and
>> blind BLS only need two.
>>
>> Jeff
>>
>
--
Oussema Settala
T: +491637567453
E: address@hidden
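The three-move exchange discussed in the quoted messages (two parallel signing sessions, of which the signer finishes one chosen at random), as an added example that is not code from this thread, the paper, or Taler. It assumes a constructed toy group (the order-q subgroup of Z_p^* with p = 2039, q = 1019, g = 4), far too small for real use, and all function names are hypothetical.

```python
# Toy Clause Blind Schnorr, multiplicative notation. P, Q, G are constructed
# toy parameters (P = 2Q + 1, G has order Q); they offer no security.
import hashlib
import secrets

P, Q, G = 2039, 1019, 4

def H(R, m):
    # Challenge hash H(R', m) reduced into Z_q.
    d = hashlib.sha256(f"{R}|".encode() + m).digest()
    return int.from_bytes(d, "big") % Q

def rand():
    return secrets.randbelow(Q - 1) + 1

def keygen():
    x = rand()
    return x, pow(G, x, P)

def signer_move1():
    # Move 1 (signer -> user): two nonce commitments R_0, R_1.
    r = (rand(), rand())
    return r, tuple(pow(G, ri, P) for ri in r)

def user_move2(X, R, m):
    # Move 2 (user -> signer): blind both sessions, send challenges c_0, c_1.
    st, c = [], []
    for Ri in R:
        a, b = rand(), rand()
        Rp = Ri * pow(G, a, P) * pow(X, b, P) % P   # R'_i = R_i * g^a * X^b
        st.append((a, Rp))
        c.append((H(Rp, m) + b) % Q)                # c_i = H(R'_i, m) + b
    return st, tuple(c)

def signer_move3(x, r, c):
    # Move 3 (signer -> user): finish only one session, picked at random.
    b = secrets.randbelow(2)
    return b, (r[b] + c[b] * x) % Q

def user_unblind(X, R, c, st, b, s):
    # Check the signer's response against session b before unblinding.
    if pow(G, s, P) != R[b] * pow(X, c[b], P) % P:
        raise ValueError("signer response does not match session b")
    a, Rp = st[b]
    return Rp, (s + a) % Q                          # ordinary Schnorr signature

def verify(X, m, sig):
    Rp, sp = sig
    return pow(G, sp, P) == Rp * pow(X, H(Rp, m), P) % P
```

The result of `user_unblind` verifies as a plain Schnorr signature, so the extra session only affects the issuing protocol, not the verifier.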