Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W4OAI-0006eY-GQ for bitcoin-development@lists.sourceforge.net; Sat, 18 Jan 2014 05:09:50 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.173 as permitted sender) client-ip=209.85.217.173; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f173.google.com; Received: from mail-lb0-f173.google.com ([209.85.217.173]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W4OAH-00061L-PZ for bitcoin-development@lists.sourceforge.net; Sat, 18 Jan 2014 05:09:50 +0000 Received: by mail-lb0-f173.google.com with SMTP id y6so3579775lbh.18 for ; Fri, 17 Jan 2014 21:09:43 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.152.4.230 with SMTP id n6mr3151954lan.1.1390021783084; Fri, 17 Jan 2014 21:09:43 -0800 (PST) Received: by 10.112.198.65 with HTTP; Fri, 17 Jan 2014 21:09:42 -0800 (PST) In-Reply-To: <52DA093D.4070505@gmail.com> References: <20140114225321.GT38964@giles.gnomon.org.uk> <20140116212805.GA4421@petertodd.org> <20140117144601.GA8614@petertodd.org> <52DA093D.4070505@gmail.com> Date: Fri, 17 Jan 2014 21:09:42 -0800 Message-ID: From: Gregory Maxwell To: Alan Reiner Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W4OAH-00061L-PZ Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Stealth Addresses X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2014 05:09:50 -0000 On Fri, Jan 17, 2014 at 8:55 PM, Alan Reiner wrote: > Isn't there a much faster asymmetric scheme that we can use? I've heard people talk about ed25519, though I'm not sure it can be used for encryption. Doing ECDH with our curve is within a factor of ~2 of the fastest encryption available at this security level, AFAIK. And separate encryption would ~double the amount of data vs using the ephemeral key for derivation. Using another cryptosystem would mandate carry around additional code for a fast implementation of that cryptosystem, which wouldn't be fantastic. So I'm not sure much can be improved there.