[tahoe-dev] What's the state of the art in digital signatures? Re: What's the state of the art in factorization?

Zooko O'Whielacronx zookog at gmail.com
Thu Apr 22 18:18:34 UTC 2010


By the way, the general idea of One Hundred Year Security as far as
digital signatures go would be to combine digital signature
algorithms. Take one algorithm which is bog standard, such as ECDSA
over NIST secp256r1 and another which has strong security properties
and which is very different from ECDSA. Signing is simply generating a
signature over the message using each algorithm in parallel.
Signatures consist of both of the signatures of the two algorithms.
Verifying consists of checking both signatures and rejecting if either
one is wrong.

Since the digital signature algorithms that we've been discussing such
as [1] are related to discrete log/Diffie-Hellman and since an
efficient implementation would probably be in elliptic curves, then
those are not great candidates to pair with ECDSA in this combiner
scheme.

Unfortunately I haven't stumbled on a digital signature scheme which
has good properties (efficiency, simplicity, ease of implementation)
and which is based on substantially different ideas and which isn't
currently under patent protection (therefore excluding NTRUSign).

Any ideas?

[1] http://eprint.iacr.org/2007/019

Regards,

Zooko



More information about the tahoe-dev mailing list