Hey. I want to thank everyone for the helpful answers. They were very interesting to read. >From what I understand, the group I'm looking for is an elliptic cure with a weil pairing. (Jonathan mentioned bilinear map, I assume that means the same thing?) The C code for the Pairing based cryptography seems to be very useful for this purpose.
I have two questions regarding the answers I received: 1. I feel not very smart in the domain of elliptic curves and Weil pairing. Before jumping into the code I want to make sure I understand what I'm doing. Do you have a recommendation of something I should read? I'm not afraid of heavy math, though at the same time I can spend only so much time on this. 2. Can I actually trust the elliptic curve with weil pairing to do its cryptographic job? Maybe better asked: Can I trust it like I trust that it is hard to factor numbers? (Maybe even more?) I really appreciate your time reading this. Thank you for your help, real. On Tue, Nov 12, 2013 at 10:12 PM, James A. Donald <[email protected]>wrote: > My understanding is that Gap Diffie Helman is the only solution for > threshold signatures that is actually workable (no trusted party, normal > signatures, looks the same as an individual signature.) I base this on > having looked around for workable solutions. Maybe there is one I missed. > Everything else I looked at was impractical when closely > examined. > > I am not sure what the scaling is, but is not obviously and intolerably > horrid. Signature evaluation is fast - it looks and acts just like a > normal signature, and we can tolerate large costs for a large group to > generate signature. > > Next problem, find your Gap Diffie Helman group, which in practice means > an elliptic curve that supports the Weil Pairing. > > For source code in C, see http://crypto.stanford.edu/pbc/ > > Samuel Neves, on the mailing list [email protected] claimed > > "For pairing-friendly curves to achieve the 128-bit security > level, it is a good idea to increase the characteristic to prevent > FFS-style attacks, and to increase the embedding degree to something higher > than 6. Barreto-Naehrig curves are defined over (large) prime fields, have > embedding degree 12, and are generally a good choice for the 128-bit level." > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
