Perhaps McEliece wouldn't be the best example. The only "practical" signature scheme based on the syndrome decoding hardness would be CFS, which requires giant keys (to avoid information-set decoding attacks and generalized birthday attacks) and is ridiculously slow to sign (factorial(t) decoding tries in average, t at least 10).
Best regards, Samuel Neves On 26-04-2010 08:37, coderman wrote: > On Thu, Apr 22, 2010 at 11:18 AM, Zooko O'Whielacronx <[email protected]> > wrote: > >> By the way, the general idea of One Hundred Year Security as far as >> digital signatures go would be to combine digital signature >> algorithms. Take one algorithm which is bog standard, such as ECDSA >> ... and another which has strong security properties >> and which is very different from ECDSA. ... >> >> Unfortunately I haven't stumbled on a digital signature scheme which >> has good properties... >> > > try McEliece cryptosystem with QC-LDPC coding or other improved and > hardened variant that suites your purposes. > > one caveat - a cryptographically strong, very plentiful hardware > entropy source is required for any kind of usable key generation. but > we all have those embedded on our processor die now, right? ... :P > > another benefit McEliece QC-LDPC can be made very fast on modern cores > and GPU kernels. > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography > > _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
