[cryptography] [Bitcoin-development] Preparing for the Cryptopocalypse

William Whyte wwhyte at securityinnovation.com
Mon Aug 5 10:52:03 EDT 2013


Just to be clear, NIST haven't endorsed NTRU for use, but they did speak
favourably of it in a report on quantum-secure crypto.

William


On Mon, Aug 5, 2013 at 7:04 AM, Eugen Leitl <eugen at leitl.org> wrote:

> ----- Forwarded message from Gregory Maxwell <gmaxwell at gmail.com> -----
>
> Date: Sun, 4 Aug 2013 23:41:57 -0700
> From: Gregory Maxwell <gmaxwell at gmail.com>
> To: Peter Vessenes <peter at coinlab.com>
> Cc: Bitcoin Dev <bitcoin-development at lists.sourceforge.net>
> Subject: Re: [Bitcoin-development] Preparing for the Cryptopocalypse
>
> On Sun, Aug 4, 2013 at 8:30 PM, Peter Vessenes <peter at coinlab.com> wrote:
> > I studied with Jeffrey Hoffstein at Brown, one of the creators of NTRU.
> He
> > told me recently NTRU, which is lattice based, is one of the few (only?)
> > NIST-recommended QC-resistant algorithms.
>
> Lamport signatures (and merkle tree variants that allow reuse) are
> simpler, faster, trivially implemented, and intuitively secure under
> both classical and quantum computation (plus unlikely some proposed QC
> strong techniques they're patent clear).  They happen to be the only
> digital signature scheme that you really can successfully explain to
> grandma (even for values of grandma which are not cryptographers).
>
> They have poor space/bandwidth usage properties, which is one reason
> why Bitcoin doesn't use them today, but as far as I know the same is
> so for all post-QC schemes.
>
> > Though I question the validity of the claim that ECC is so much more
> secure than RSA (with appropriate keysizes).
>
> The problems are intimately related, but under the best understanding
> ECC (with suitable parameters) ends up being the maximally hard case
> of that problem class.   I do sometimes worry about breakthroughs that
> give index-calculus level performance for general elliptic curves,
> this still wouldn't leave it any weaker than RSA but ECC is typically
> used with smaller keys.
>
>
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130805/703d820b/attachment.html>


More information about the cryptography mailing list