Hi Peter,

Discrete Log Problem (DLP) is considered to be at least as hard as
factoring, the basis of RSA public key encryption.  So yes, there is always
a risk of breakthroughs in mathematical algorithms or more recently quantum
computing but it's not particularly likely.

To be clear: the problems are surely among the most studied in history (RSA
Factoring Challenge, etc) already for decades so the likelihood they fall
in the next 5 years isn't quite "reasonable" imo.  And if it happens it
won't be just ZCash that falls. Most everything these days (ssh, other
cryptos) that is public-key like (ecdsa included) has DLP and factoring
vulnerabilities of the same sort.

But prudent to keep in mind so my Thanks to Daira and Drake for this tasty
mathematical treat.



On Tue, Dec 12, 2017 at 1:05 PM, Peter Todd via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> On Tue, Dec 12, 2017 at 06:47:38PM +0000, Daira Hopwood via zapps-wg wrote:
> > On 04/12/17 21:19, Justin Drake via zapps-wg wrote:
> > > Bounty
> > > ======
> > >
> > > I am offering 5 ETH (about 2,300 USD at the time of writing) to the
> first person who can
> > > recover the randomness for my part of the ceremony. The bounty is
> valid until 31 December
> > > 2023.
> >
> > I suspect that it may actually be possible to do this by breaking DLP
> (given the
> > challenge and response files) before 2023.
> So to be clear, you think there's a reasonable chance that it becomes
> possible
> to counterfeit Zcash before 2023?
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org

Reply via email to