[tahoe-dev] (get) Down with ECDSA

Zooko Wilcox-O'Hearn zooko at zooko.com
Thu Aug 20 18:45:38 UTC 2009

On Thursday,2009-08-20, at 12:06 , Brian Warner wrote:

> As Zooko pointed out, our main requirements are:
>  * short signing key, so writecaps are short
>  * short verifying key, so readcaps are short (note that  
> confidentiality
>    requires a second cryptovalue in the readcap, which adds  
> pressure on
>    the verifying key length)
>  * fast keypair generation, so mkdir is fast

And, if keypair generation is fast *enough* then the signing key is  
just the random seed which you put into the keypair generation  
algorithm anything you want to sign something.  That's the way I  
currently do it in pycryptopp's ECDSA.  :-)

>  * a working, stable implementation in pycryptopp
> According to http://allmydata.org/trac/tahoe/ticket/331 , we've been
> waiting 18 months for this one, so at this point I'm willing to go  
> with
> a generally-considered-secure-but-lacking-strong-proof algorithm  
> over a
> has-strong-proof-but-no-implementations one :-).

Yeah, I really like relying on Wei Dai's Crypto++ library for  
implementation.  I already know how to use it, how to build it on  
various platforms, etc., etc..  And I have a high opinion of its  
correctness and performance.  If a dig sig algorithm isn't already  
implemented in Crypto++ v5.6.0 then that's another strike against it.



More information about the tahoe-dev mailing list