[145266] in cryptography@c2.net mail archive


What's the state of the art in digital signatures? Re: What's the

daemon@ATHENA.MIT.EDU (Zooko O'Whielacronx)
Fri Jul 9 12:26:52 2010

Date: Thu, 22 Apr 2010 12:18:34 -0600
From: "Zooko O'Whielacronx" <zookog@gmail.com>
To: Samuel Neves <sneves@dei.uc.pt>
Cc: cryptography@metzdowd.com, tahoe-dev <tahoe-dev@allmydata.org>, 
	cryptography@randombit.net

By the way, the general idea of One Hundred Year Security as far as
digital signatures go would be to combine digital signature
algorithms. Take one algorithm which is bog standard, such as ECDSA
over NIST secp256r1 and another which has strong security properties
and which is very different from ECDSA. Signing is simply generating a
signature over the message using each algorithm in parallel.
Signatures consist of both of the signatures of the two algorithms.
Verifying consists of checking both signatures and rejecting if either
one is wrong.

Since the digital signature algorithms that we've been discussing such
as [1] are related to discrete log/Diffie-Hellman and since an
efficient implementation would probably be in elliptic curves, then
those are not great candidates to pair with ECDSA in this combiner
scheme.

Unfortunately I haven't stumbled on a digital signature scheme which
has good properties (efficiency, simplicity, ease of implementation)
and which is based on substantially different ideas and which isn't
currently under patent protection (therefore excluding NTRUSign).

Any ideas?

[1] http://eprint.iacr.org/2007/019

Regards,

Zooko

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
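
The combiner described in the message above, as an added example in Go (not code from the post or from any project it mentions). ECDSA over P-256 is paired with RSA-PSS, an assumption made only because both are in the Go standard library; the post names no second scheme, and `GenKeys`, `Sign` and `Verify` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func GenKeys() (*ecdsa.PrivateKey, *rsa.PrivateKey, error) {
	ec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	r, err := rsa.GenerateKey(rand.Reader, 2048) // assumption: RSA stands in for the second scheme
	return ec, r, err
}

// Sign signs msg with both schemes: fixed-length RSA-PSS signature || ASN.1 ECDSA signature.
func Sign(ec *ecdsa.PrivateKey, r *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg) // both parts cover the same digest, so the hash is a shared dependency
	e, err := ecdsa.SignASN1(rand.Reader, ec, d[:])
	if err != nil {
		return nil, err
	}
	s, err := rsa.SignPSS(rand.Reader, r, crypto.SHA256, d[:], nil)
	return append(s, e...), err
}

// Verify returns nil only if both component signatures are valid for msg.
func Verify(ec *ecdsa.PublicKey, rp *rsa.PublicKey, msg, sig []byte) error {
	n := rp.Size() // an RSA signature is always exactly modulus-sized, so the split point is fixed
	if len(sig) <= n {
		return fmt.Errorf("combined signature too short")
	}
	d := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(ec, d[:], sig[n:]) {
		return fmt.Errorf("ECDSA component rejected")
	}
	return rsa.VerifyPSS(rp, crypto.SHA256, d[:], sig[:n], nil)
}

func main() {
	ec, r, _ := GenKeys()
	sig, _ := Sign(ec, r, []byte("hello"))
	fmt.Println(Verify(&ec.PublicKey, &r.PublicKey, []byte("hello"), sig)) // <nil>
}
```

Because both components sign the same SHA-256 digest, a break of the hash defeats both at once; the combiner only hedges against a break of one signature algorithm.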
