Re: [Taler] Blind signature decision

[Raphael Arias]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Christian,

thanks for the info!

Raphael

On 11/27/2015 04:50 PM, Christian Grothoff wrote:
> Hi Raphael,
> 
> There is no single overriding reason, as there were several blind 
> signature schemes we considered.  Basically, they shared a 
> combination of
> 
> * dramatic increases in complexity * known vulnerabilities * lack 
> of performance improvements over RSA (i.e. do 10x this ECC 
> signature and you get 99% security)
> 
> Ultimately, at the end of about a dozen e-mails on the subject, 
> Tanja Lange told us that RSA blind signatures should be just fine 
> for our purpose, so we heeded her advice.
> 
> -Christian
> 
> On 11/27/2015 03:06 PM, Raphael Arias wrote:
>> Hi list,
>> 
>> I know there was some discussion in the beginning on whether to 
>> use an ECC blind signature scheme and a few of them were ruled 
>> out because of vulnerabilities in the protocols or other
>> reasons. Which is why Taler stayed with RSA blind sigs.
>> 
>> I was wondering if there exists documentation about the specific 
>> flaws and reasons that led to this decision somewhere out there.
>> 
>> Thanks in advance, Raphael
>> 
> 
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJWWHzsAAoJEEHRIZEpQl/vsH0P/0FCVavO4iuFoUUXd2CIqvFJ
+XMd5NhAoGqclniTA45yZ1kmqCvbjQCydNYbYPB6nCXlqP8zKnKC2uyo82/Dnoz1
H0oEzzaEIHm0zVS/oAElu51se2bbReQg1hOYEiaKk6fmcKf+W5hp9TaJ0LCVam7n
NP0Kh5PyaE9mahoqk5h3ZeTScB8LoW5PfcKR24iZIXkIoC9RODT5oJkBsku9cXji
ykTB4YFPIOnMWUOC0Vdq+SMdOMJQDAbIjRJGhBic+BPgaRrPs+yTAoSOi5dE3Xd6
R/6LGdkSmAZreUWEcRphP9x/k9eyEoO1qahwtkNrv/T0iKUNlDd85TBwLmy/ptgw
xSUB+hqajJFy55avxC5zSR3Bbx3BOVw3jx03q1M435Fi/j1QDnw7TSfF0CV9lRyM
TY21BRFZUf7mJMoTtT+Nvdljl+rHGi/ewkCYTbNbmE0jcaKbsBUKJl4lhhvEGDX9
Yc6pX6VviE3zkVRGKthzaaoYksNRRxMW8RrD69J1qmmPgnbOaDiTENDUX4sdNp4s
E9TGeHKRUISQzkG1J+m5qWpWS6WJ1bjCijBEktN4Hl4zLOjNyrDf37qf17uV6BQP
BJawbMd1trwi4q9ulQQ5Chps3E91rxGfIQHpq1LEBsUN/199HyIHTJZrbrxsWajr
jCtOGc0vvr4fvsn7NUhY
=PhwT
-----END PGP SIGNATURE-----