On Thursday, 2009-08-20, at 12:06, Brian Warner wrote:

> As Zooko pointed out, our main requirements are:
>
> * short signing key, so writecaps are short
> * short verifying key, so readcaps are short (note that confidentiality
>   requires a second cryptovalue in the readcap, which adds pressure on
>   the verifying key length)
> * fast keypair generation, so mkdir is fast

And, if keypair generation is fast *enough* then the signing key is just the random seed which you put into the keypair generation algorithm anytime you want to sign something. That's the way I currently do it in pycryptopp's ECDSA. :-)

> * a working, stable implementation in pycryptopp
>
> According to http://allmydata.org/trac/tahoe/ticket/331 , we've been
> waiting 18 months for this one, so at this point I'm willing to go with
> a generally-considered-secure-but-lacking-strong-proof algorithm over a
> has-strong-proof-but-no-implementations one :-).

Yeah, I really like relying on Wei Dai's Crypto++ library for implementation. I already know how to use it, how to build it on various platforms, etc., etc. And I have a high opinion of its correctness and performance. If a dig sig algorithm isn't already implemented in Crypto++ v5.6.0 then that's another strike against it.

Regards,

Zooko

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
