Hi Peter, Discrete Log Problem (DLP) is considered to be at least as hard as factoring, the basis of RSA public key encryption. So yes, there is always a risk of breakthroughs in mathematical algorithms or more recently quantum computing but it's not particularly likely.
To be clear: the problems are surely among the most studied in history (RSA Factoring Challenge, etc) already for decades so the likelihood they fall in the next 5 years isn't quite "reasonable" imo. And if it happens it won't be just ZCash that falls. Most everything these days (ssh, other cryptos) that is public-key like (ecdsa included) has DLP and factoring vulnerabilities of the same sort. But prudent to keep in mind so my Thanks to Daira and Drake for this tasty mathematical treat. Cheers, Rudi On Tue, Dec 12, 2017 at 1:05 PM, Peter Todd via zapps-wg < zapps...@lists.z.cash.foundation> wrote: > On Tue, Dec 12, 2017 at 06:47:38PM +0000, Daira Hopwood via zapps-wg wrote: > > On 04/12/17 21:19, Justin Drake via zapps-wg wrote: > > > Bounty > > > ====== > > > > > > I am offering 5 ETH (about 2,300 USD at the time of writing) to the > first person who can > > > recover the randomness for my part of the ceremony. The bounty is > valid until 31 December > > > 2023. > > > > I suspect that it may actually be possible to do this by breaking DLP > (given the > > challenge and response files) before 2023. > > So to be clear, you think there's a reasonable chance that it becomes > possible > to counterfeit Zcash before 2023? > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org >