clarifications about hash-based digital sigs
[Imported from Trac: page OneHundredYearCryptography, version 17]
parent
47035ce2a5
commit
cf947995d1
|
@ -31,9 +31,9 @@ David-Sarah has proposed to use hash-based digital signatures.
|
||||||
|
|
||||||
Zooko posted ["back of the envelope" performance constraints](https://tahoe-lafs.org/pipermail/tahoe-dev/2011-February/006133.html). Bottom-line: you get 30 million ARM instructions to implement one complete digital signature verification.
|
Zooko posted ["back of the envelope" performance constraints](https://tahoe-lafs.org/pipermail/tahoe-dev/2011-February/006133.html). Bottom-line: you get 30 million ARM instructions to implement one complete digital signature verification.
|
||||||
|
|
||||||
Julian Wälde has [posted an actual implementation](http://tahoe-lafs.org/pipermail/tahoe-dev/2011-March/006237.html) of hash-based digital signatures! Exciting fact: his implementation meets Zooko's performance criterion!
|
Julian Wälde has [posted an actual implementation](http://tahoe-lafs.org/pipermail/tahoe-dev/2011-March/006237.html) of (stateful) hash-based digital signatures! Exciting fact: his implementation meets Zooko's performance criterion!
|
||||||
|
|
||||||
Brian and David-Sarah wrote [a simulator]source:trunk/misc/simulators/hashbasedsig.py or two to explore performance trade-offs in hash-based signature parameters. The output of one run with the following parameters is this:
|
Brian and David-Sarah wrote [a simulator]source:trunk/misc/simulators/hashbasedsig.py or two to explore performance trade-offs in (stateless) hash-based signature parameters. The output of one run with the following parameters is this (note that the signing times include regeneration of per-message signing keys from a small long-term private key):
|
||||||
```
|
```
|
||||||
# range of hash output lengths
|
# range of hash output lengths
|
||||||
range_L_hash = [128]
|
range_L_hash = [128]
|
||||||
|
|
Loading…
Reference in a new issue