Benjamin Mord [ARCHIVE] on Nostr:
📅 Original date posted:2018-05-08
📝 Original message:
That would be awesome. Do you have a reference?
As pertains to the whole of asymmetric cryptography, I believe there are
not a variety of post quantum schemes, there is only one*: lattice-based
cryptography. (Which scares me, because it is not all that different from
the others.)
(* Actually, in contexts where time can be used for asymmetry, as in TESLA,
we can then use hash functions to create something like asymmetric
signatures as well. But the functional context has to be compatible with
delayed verification.)
(But I do not mean to focus exclusively on Shor's algorithm, the history
of even pre-quantum cryptanalysis shows that primitives tend to have finite
lifespan. Redundancy of any sort is good, even when not focused
specifically on quantum risks.)
On Tue, May 8, 2018, 8:58 AM Greg Sanders <gsanders87 at gmail.com> wrote:
> From what I understand talking to folks, the linear properties of these
> signature tricks are maintained under a number of post-quantum schemes.
>
> On Tue, May 8, 2018 at 8:44 AM, Benjamin Mord <ben at mord.family> wrote:
>
>>
>> If I'm not mistaken, the scriptless scripts concept (as currently
>> formulated) falls to Shor's algorithm, and at present there is no
>> alternative implementation of the concept to fall back on. Correct? Lest we
>> build a house of cards, I'd strongly urge everyone to not depend on
>> functional concepts whose underlying cryptographic primitives cannot be
>> swapped in an emergency.
>>
>> Sure, we use ecdsa for example (which is also vulnerable to Shor's
>> algorithm), but in contrast to scriptless scripts we have a variety of
>> backup primitives at our disposal that fulfill the same functional
>> objective.
>>
>> If scriptless scripts are found possible under lattice-based cryptography
>> for example, that would be something I suppose. The functional concept of
>> scriptless scripts is indeed very awesome - we just need to add some
>> cryptographic conservatism before we build on it.
>>