[cryptography] [Bitcoin-development] Preparing for the Cryptopocalypse

Eugen Leitl eugen at leitl.org
Mon Aug 5 07:04:04 EDT 2013


----- Forwarded message from Gregory Maxwell <gmaxwell at gmail.com> -----

Date: Sun, 4 Aug 2013 23:41:57 -0700
From: Gregory Maxwell <gmaxwell at gmail.com>
To: Peter Vessenes <peter at coinlab.com>
Cc: Bitcoin Dev <bitcoin-development at lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Preparing for the Cryptopocalypse

On Sun, Aug 4, 2013 at 8:30 PM, Peter Vessenes <peter at coinlab.com> wrote:
> I studied with Jeffrey Hoffstein at Brown, one of the creators of NTRU. He
> told me recently NTRU, which is lattice based, is one of the few (only?)
> NIST-recommended QC-resistant algorithms.

Lamport signatures (and merkle tree variants that allow reuse) are
simpler, faster, trivially implemented, and intuitively secure under
both classical and quantum computation (plus unlikely some proposed QC
strong techniques they're patent clear).  They happen to be the only
digital signature scheme that you really can successfully explain to
grandma (even for values of grandma which are not cryptographers).

They have poor space/bandwidth usage properties, which is one reason
why Bitcoin doesn't use them today, but as far as I know the same is
so for all post-QC schemes.

> Though I question the validity of the claim that ECC is so much more secure than RSA (with appropriate keysizes).

The problems are intimately related, but under the best understanding
ECC (with suitable parameters) ends up being the maximally hard case
of that problem class.   I do sometimes worry about breakthroughs that
give index-calculus level performance for general elliptic curves,
this still wouldn't leave it any weaker than RSA but ECC is typically
used with smaller keys.

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


More information about the cryptography mailing list