[tahoe-dev] Hash based Signatures for Tahoe LAFS

Julian Wälde jwaelde at cdc.informatik.tu-darmstadt.de
Wed Mar 30 03:48:52 UTC 2011

On 18.02.2011 08:58, Zooko O'Whielacronx wrote:
> In particular, I want to be able to do verifications on a cheap little
> low-power 32-bit ARM storage servers. Let's say as a
> shooting-from-the-hip goal that I would like to do 50 verifications
> per second. I come up with that number by the following sequence of
> rough estimates. (The roughness of some of the numbers is indicated
> with *'s.)

Wooo finally got me self some time to do fun stuff ... I started out
with implementing a prototype for a merkle scheme that has a static
private key that can do infinite number of signatures [1].

This implementation has received zero review and the scheme it hopefully
implements can't be reduced to any computational hard problem ...
collision resistance aside (DONT USE THIS!).

Basicly this is gmss with 16 layers of height 8 (256 leafs per layer)
the message (128bit 16 * 8 bit) is used to find a path through these
layers (so the same 128bit message value will allways result in the same
signature beeing computed). I choose winternitz parameter 16 (4bit).

I think you can test signing/verification speed on your Arm box with
this (use time(1) for measuring).

On my box I have about 4 sigs/sec and 1700 verifications/sec for 11kb
signature size. It's possible to get about 8 times faster signing at the
cost of 50% verification speed and 22kb signature size.


[1] http://www.cdc.informatik.tu-darmstadt.de/~jwaelde/smss.tar.xz

PS: using threefish as oneway function is great on 64bit computers ...
however aes/camellia might be faster on 32bit systems.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110330/9513f453/attachment.asc>

More information about the tahoe-dev mailing list