[tahoe-dev] why hyperelliptic curves?
Hal Finney
hal.finney at gmail.com
Fri Sep 4 14:44:32 PDT 2009
Zooko wrote:
> Are there any other types of digital signature scheme which can have
> public keys shorter than 2*security level bits?
Well I suggested the small DSA variant. David Hopwood showed a
shortcoming but it sounded like it didn't apply to your usage.
More generally, what would happen if you replaced an arbitrary public
key with its hash, and used that for the URL; and then included the
full public key (or at least information sufficient to regenerate it)
in the signature? The sigs would get much bigger but the key could be
much smaller. Does that tradeoff work for you? Are its security
implications worth exploring?
Hal Finney
More information about the tahoe-dev
mailing list