tahoe-lafs/trac-2024-07-25
2
0
Issues 1.1k Wiki Activity

add notes about hash-based sigs 

[Imported from Trac: page Bibliography, version 54]
zooko 2010-06-23 00:22:03 +00:00
parent b357788ebc
commit aa18eebe90
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Bibliography.md

@ -23,7 +23,11 @@ Here are some papers that are potentially of interest.
### Public Key Cryptography ### Public Key Cryptography
[Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems](http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf) Scheme 1 in this paper comes with a tight reduction to the Computational Diffie-Hellman problem, which means it is definitely at least as secure as any discrete-log-based scheme and could be more secure. It also has a good pedigree (having been suggested by David Chaum et al. in 1989 and having been proven to tightly reduce to Computational Diffie-Hellman by Katz et al. in 2003). It also has a nice short public key, which could be good for fitting it into our capability security schemes. #### Hash-Based Digital Signatures
[Hash-based Digital Signature Schemes](http://www.cdc.informatik.tu-darmstadt.de/~dahmen/papers/hashbasedcrypto.pdf) by Buchmann, Dahmen, and Szydlo; A survey of why it might be a good idea.
[Fast Hash-Based Signatures on Constrained Devices](https://www.minicrypt.cdc.informatik.tu-darmstadt.de/reports/reports/REDBP08.pdf) by Rohde, Eisenbarth, Dahmen, Buchmann, and Paar; a case study of implementing hash-based digital signatures for a 8-bit microcontroller. Their implementation had some trade-offs that we wouldn't want: it is a "key-evolving" design (the signer has to maintain state in order to avoid a security failure), it can only handle a limited number of signatures, and they spent a lot of time in key generation. Hm, I can't find this in their paper now, but I thought that last time I read it I saw that they spent more than an hour (!!) generating each key on a PC! On the other hand, the result is a digital signature scheme which is faster and arguably safer than RSA or ECDSA on their 8-bit microcontroller.
### Elliptic Curve Cryptography ### Elliptic Curve Cryptography
@ -80,6 +84,12 @@ See also our [RelatedProjects page](RelatedProjects).
These are some references which are less interesting or relevant than the ones above. These are some references which are less interesting or relevant than the ones above.
### Public Key Cryptography
[Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems](http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf) Scheme 1 in this paper comes with a tight reduction to the Computational Diffie-Hellman problem, which means it is definitely at least as secure as any discrete-log-based scheme and could be more secure. It also has a good pedigree (having been suggested by David Chaum et al. in 1989 and having been proven to tightly reduce to Computational Diffie-Hellman by Katz et al. in 2003). It also has a nice short public key, which could be good for fitting it into our capability security schemes.
### Miscellaneous
[POST: A Secure, Resilient, Cooperative Messaging System](http://citeseer.ist.psu.edu/mislove03post.html) -- use a DHT for messaging; includes a suggestion to ameliorate the confidentiality problems of single-instance store by adding random bits to small text messages [POST: A Secure, Resilient, Cooperative Messaging System](http://citeseer.ist.psu.edu/mislove03post.html) -- use a DHT for messaging; includes a suggestion to ameliorate the confidentiality problems of single-instance store by adding random bits to small text messages
[Non-Transitive Connectivity and DHTs](http://srhea.net/papers/ntr-worlds05.pdf) -- practical lessons in dealing with not-fully-connected DHTs that theoreticians learned in deployment [Non-Transitive Connectivity and DHTs](http://srhea.net/papers/ntr-worlds05.pdf) -- practical lessons in dealing with not-fully-connected DHTs that theoreticians learned in deployment