add parameters
[Imported from Trac: page OneHundredYearCryptography, version 7]
parent
d5b61ffaf9
commit
929a119bb3
|
@ -29,7 +29,24 @@ David-Sarah has proposed to use hash-based digital signatures.
|
|||
* <http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/004509.html>
|
||||
* <http://tahoe-lafs.org/pipermail/tahoe-dev/2010-July/004587.html>
|
||||
|
||||
Brian and David-Sarah wrote [a simulator](OneHundredYearCryptography)/hashbasedsig.py or two to explore performance trade-offs in hash-based signature parameters. The output of one run is this:
|
||||
Brian and David-Sarah wrote [a simulator](OneHundredYearCryptography)/hashbasedsig.py or two to explore performance trade-offs in hash-based signature parameters. The output of one run with the following parameters is this:
|
||||
```
|
||||
# range of hash output lengths
|
||||
range_L_hash = [128]
|
||||
|
||||
lg_M = 53 # lg(required number of signatures before losing security)
|
||||
|
||||
limit_bytes = 480000 # limit on signature length
|
||||
limit_cost = 500 # limit on Mcycles_Sig + weight_ver*Mcycles_ver
|
||||
weight_ver = 1 # how important verification cost is relative to signature cost
|
||||
# (note: setting this too high will just exclude useful candidates)
|
||||
|
||||
L_block = 512 # bitlength of hash input blocks
|
||||
L_pad = 64 # bitlength of hash padding overhead (for M-D hashes)
|
||||
L_label = 80 # bitlength of hash position label
|
||||
L_prf = 256 # bitlength of hash output when used as a PRF
|
||||
cycles_per_byte = 15.8 # cost of hash
|
||||
```
|
||||
```
|
||||
w A h T lg_N L_GMSS (bytes) c_S_mean (Mcycles) c_S_worst (Mcycles) score
|
||||
13 18 1 62 258.5 97524 (12191) 97272 ( 98.36) 193095 ( 195.26) +5.4 %
|
||||
|
|
Loading…
Reference in a new issue