On Wednesday,2009-08-19, at 11:55 , Paul Crowley wrote: > If you have other needs that neither of these schemes meet, let me > know and I'll see what else I can find - thanks!
Dear Paul Crowley: Thank you very much for your contribution of experise. Our two main needs are a bit unusual for users of public key crypto. First is short public keys. Not short signatures! We don't care about the size of the signature. :-) Second is fast time to generate a new public/private key pair. We also like few CPU cycles for signing time and few CPU cycles for verification (in pretty much equal measure). I often check these benchmarks for new results: http://bench.cr.yp.to/results-sign.html Happily, all of the factors that we care about are measured and displayed. It appears that ECDSA is a good choice for performance, although I hadn't thought of the security issues with it that you nicely described. Got anything that has a better proof of security than ECDSA with similar performance along these axes? Thanks, Zooko _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
