From 929a119bb35d8e9e2702168625c3d47aeb3fcca5 Mon Sep 17 00:00:00 2001 From: zooko <> Date: Tue, 10 Aug 2010 16:44:23 +0000 Subject: [PATCH] add parameters [Imported from Trac: page OneHundredYearCryptography, version 7] --- OneHundredYearCryptography.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/OneHundredYearCryptography.md b/OneHundredYearCryptography.md index 27d2e49..ac2bfd8 100644 --- a/OneHundredYearCryptography.md +++ b/OneHundredYearCryptography.md @@ -29,7 +29,24 @@ David-Sarah has proposed to use hash-based digital signatures. * * -Brian and David-Sarah wrote [a simulator](OneHundredYearCryptography)/hashbasedsig.py or two to explore performance trade-offs in hash-based signature parameters. The output of one run is this: +Brian and David-Sarah wrote [a simulator](OneHundredYearCryptography)/hashbasedsig.py or two to explore performance trade-offs in hash-based signature parameters. The output of one run with the following parameters is this: +``` +# range of hash output lengths +range_L_hash = [128] + +lg_M = 53 # lg(required number of signatures before losing security) + +limit_bytes = 480000 # limit on signature length +limit_cost = 500 # limit on Mcycles_Sig + weight_ver*Mcycles_ver +weight_ver = 1 # how important verification cost is relative to signature cost + # (note: setting this too high will just exclude useful candidates) + +L_block = 512 # bitlength of hash input blocks +L_pad = 64 # bitlength of hash padding overhead (for M-D hashes) +L_label = 80 # bitlength of hash position label +L_prf = 256 # bitlength of hash output when used as a PRF +cycles_per_byte = 15.8 # cost of hash +``` ``` w A h T lg_N L_GMSS (bytes) c_S_mean (Mcycles) c_S_worst (Mcycles) score 13 18 1 62 258.5 97524 (12191) 97272 ( 98.36) 193095 ( 195.26) +5.4 %