[tahoe-dev] (get) Down with ECDSA
Zooko Wilcox-O'Hearn
zooko at zooko.com
Thu Aug 20 11:45:38 PDT 2009
On Thursday, 2009-08-20, at 12:06, Brian Warner wrote:
>
> As Zooko pointed out, our main requirements are:
>
> * short signing key, so writecaps are short
> * short verifying key, so readcaps are short (note that confidentiality
>   requires a second cryptovalue in the readcap, which adds pressure on
>   the verifying key length)
> * fast keypair generation, so mkdir is fast

And, if keypair generation is fast *enough* then the signing key is
just the random seed which you put into the keypair generation
algorithm any time you want to sign something. That's the way I
currently do it in pycryptopp's ECDSA. :-)

> * a working, stable implementation in pycryptopp
>
> According to http://allmydata.org/trac/tahoe/ticket/331 , we've been
> waiting 18 months for this one, so at this point I'm willing to go with
> a generally-considered-secure-but-lacking-strong-proof algorithm over a
> has-strong-proof-but-no-implementations one :-).

Yeah, I really like relying on Wei Dai's Crypto++ library for
implementation. I already know how to use it, how to build it on
various platforms, etc., etc. And I have a high opinion of its
correctness and performance. If a dig sig algorithm isn't already
implemented in Crypto++ v5.6.0 then that's another strike against it.

Regards,
Zooko