taler
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Blind Rabin


From: Christian Grothoff
Subject: Re: [Taler] Blind Rabin
Date: Mon, 27 Jan 2020 19:37:45 +0100
User-agent: Evolution 3.30.5-1.1

On Sun, 2020-01-26 at 19:26 -0500, Jeff Burdges wrote:
> I’ve now forgotten, but did we ever consider using blind Rabin
> signatures?
> 
> It's discussed is section 3.3 on page 7 of
> https://www.math.uzh.ch/aa/fileadmin/user/davide/publikation/SignatureRabin11.pdf
> 
> It’s not exactly compatible with DJB’s Rabin-Williams signature
> variants from
> https://cr.yp.to/sigs/rwtight-20080201.pdf
> well see page 2 for the beginning of that discussion.
> 
> I think these blind Rabin signatures should've the fastest
> verification for any blind signature scheme, but the signature size
> looks like at least twice that of RSA, which I think poses some
> problem for Taler, so probably not advantageous in practice, and they
> require more careful mathematics for security arguments.
> 

I think we briefly looked at it and saw no big advantages over RSA.
Verification may be faster, but signing (just as relevant for the
exchange) seems significantly slower from how I read eBACS. Plus the
increased message size and the higher complexity both speak against it.

What is good is that it is also two-move like RSA, so it should be
pretty easy to plug it into Taler if for some reason RSA breaks while
Rabin survives.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]