[tahoe-dev] Down with ECDSA
Zooko Wilcox-O'Hearn
zooko at zooko.com
Wed Aug 19 12:39:07 PDT 2009
On Wednesday, 2009-08-19, at 11:55, Paul Crowley wrote:
> If you have other needs that neither of these schemes meet, let me
> know and I'll see what else I can find - thanks!
Dear Paul Crowley:
Thank you very much for your contribution of expertise.
Our two main needs are a bit unusual for users of public key crypto.
First is short public keys. Not short signatures! We don't care
about the size of the signature. :-) Second is fast time to
generate a new public/private key pair.
We also like few CPU cycles for signing time and few CPU cycles for
verification (in pretty much equal measure).
I often check these benchmarks for new results:
http://bench.cr.yp.to/results-sign.html
Happily, all of the factors that we care about are measured and
displayed.
It appears that ECDSA is a good choice for performance, although I
hadn't thought of the security issues with it that you nicely described.
Got anything that has a better proof of security than ECDSA with
similar performance along these axes?
Thanks,
Zooko