Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 584B6E6A
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 23 Jan 2018 01:05:46 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ua0-f179.google.com (mail-ua0-f179.google.com
[209.85.217.179])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EC533134
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 23 Jan 2018 01:05:45 +0000 (UTC)
Received: by mail-ua0-f179.google.com with SMTP id n2so7198468uak.9
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 22 Jan 2018 17:05:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=;
b=nXnFKO4VX2SY6Etgeik5RMZ3qOrtsD5SQHf362G8UiF8fYfP4ONF/bDurFkQrwlJ3V
/jtqPJI1Cvg8t2eWCMWCPPyQhiQgL7HwfoLrzIBYR9wPgL0OijHLcKlUY2YWMbJE0rNL
0yP/VJdk/qCNA1DGE+wImq7MU/sbrRvytxD7SABIRBNKrp2tWn7dNkGO1FzaUrEDbjVn
fEQpshZniXopNWV/c2veh+3FfWp49x2iVxqs+Fioa0SFYKIZceTGzjg+LqtyQkcit3Gd
MLYdl2vZmlh/StFXXAdesSQQUbApsrtrL2ZHIFKUQmm/6OS6aWazTPem41N/ACQMDrYd
zmLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=;
b=VfXTMztCijEynzTapogvXVVzPerUFnBbLcrfjLsu7axqRjNupur40QCCBGjQgAeLce
e00U6iYSbAIUgRrHlWm5HFrL0ZyYKU3n+WfBWObUm4i1JMpkp/vVLm/FjhVXlaCPr2bH
0THr3KwezxDCIH5ZI8Jl1gqxwB4mm0Ex8VEdoq+eV0od+Iwfh/iFQUKUi3Y+Z04Q5vdj
RUfu+oo2BuXO6/wymEc+I2qglIKW64jXU4MDAEnkLvIpModuI97aimLAHRpXqdmWp55u
ZXAC2ttDxQCQcyoGUFRJX89DMSShE9x4CQ7MHVrkNE3dzS0yVXp78UbNsangLlkp4ZEB
131g==
X-Gm-Message-State: AKwxytcy9sUQsm8X3TML4R4vfyLN4nB6w9Z2psyQsvitKTNXrzGcNUbw
HGFqdPw7Hecu0oCdnGdkTJnvp7KgvcusBuqLSBQ=
X-Google-Smtp-Source: AH8x224mDk55RUdw3YIxa6LwiBDJhZCndZLf4PIueXw6SAjLRWXi1+kmXIKwNOjnJ8AogvRVKYtbHeEDeKts0FqNVvs=
X-Received: by 10.176.91.135 with SMTP id y7mr647192uae.46.1516669545111; Mon,
22 Jan 2018 17:05:45 -0800 (PST)
MIME-Version: 1.0
Sender: gmaxwell@gmail.com
Received: by 10.103.78.155 with HTTP; Mon, 22 Jan 2018 17:05:44 -0800 (PST)
In-Reply-To: <CAMZUoK=ffKHM9WN=zrSME5y904u6ZYsfnCpeT_BYT=5Z+NxYsw@mail.gmail.com>
References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com>
<CAAS2fgRQk4EUp6FO2f+RkJpDTyZX0N4=uGp7ZF=0aUchZX8hSA@mail.gmail.com>
<4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com>
<CAAS2fgSw0mAQPJ-ai-3kFr7pWXd7pjbrEoXN4r6Ak3o4c8_vjw@mail.gmail.com>
<d6eb0fc3-d729-30cb-986b-b1d7b8aacbd6@satoshilabs.com>
<CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
<CAMZUoK=ffKHM9WN=zrSME5y904u6ZYsfnCpeT_BYT=5Z+NxYsw@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Tue, 23 Jan 2018 01:05:44 +0000
X-Google-Sender-Auth: Hiqv_vqFNNZ9VfFgB6nW4l-55qw
Message-ID: <CAAS2fgQFu3FW+zE+bHOKQT0jFCWk+9LncPfQw+5uvMXZAYahiQ@mail.gmail.com>
To: "Russell O'Connor" <roconnor@blockstream.io>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 23 Jan 2018 01:36:32 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2018 01:05:46 -0000

On Mon, Jan 22, 2018 at 7:21 PM, Russell O'Connor
<roconnor@blockstream.io> wrote:
> At this point, is it better just to use GF(2^256+n)? Is GF(2^256+n) going
> to be that much slower than GF(2^8) that we care to make things this
> complicated? (I honestly don't know the answer.)
I expect it would be, especially since operations must be implemented
in side-channel resistant manners.
Also, binary extension fields are going to have linear subgroup
properties where leaking part of elements wouldn't be good. Not as
obviously broken as the example I gave above, but still in the domain
of "get chunks of a lot of a supra threshold set of shares, and set up
a lattice basis problem that can provide an efficient subspace to
search".
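
Added example (editor's code, not part of Greg's or Russell's messages and not the SatoshiLabs scheme): a toy Shamir split over GF(2^8) next to one over a prime field, to make the "linear subgroup" point concrete. A GF(2^8) share is a GF(2)-linear function of the secret and coefficient bytes, so every leaked bit of every share is one XOR equation in the 8t unknown bits. Given enough leaked bits from a supra-threshold set of shares, the secret drops out of Gaussian elimination over GF(2), even though no single whole share says anything about it. Over a prime field the same unit-vector reconstruction fails to predict the share, because carries destroy bit-level linearity. Assumptions: the AES reduction polynomial for GF(2^8), the secp256k1 field prime as a stand-in for "GF(2^256+n)", and hand-picked secret, coefficient and leak patterns, all constructed for the example.

```python
# Added example, not from the thread: shares over GF(2^8) are GF(2)-linear in
# (secret, coefficients), so leaked bits of a supra-threshold set of shares form
# a linear system; prime-field shares have no bit-level linearity. Toy values only.

def gf256_mul(a, b):                 # GF(2^8) with the AES modulus x^8+x^4+x^3+x+1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf256_inv(a):                    # brute force is fine for 255 elements
    return next(b for b in range(1, 256) if gf256_mul(a, b) == 1)

def share_gf256(secret, coeffs, x):
    """f(x) = secret + c1*x + c2*x^2 + ... over GF(2^8); threshold t = 1 + len(coeffs)."""
    acc, xp = secret, 1
    for c in coeffs:
        xp = gf256_mul(xp, x)
        acc ^= gf256_mul(c, xp)
    return acc

def recover_gf256(points):
    """Lagrange interpolation at 0 from t points (x, y); in characteristic 2, -x == x."""
    s = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = gf256_mul(num, xj), gf256_mul(den, xi ^ xj)
        s ^= gf256_mul(yi, gf256_mul(num, gf256_inv(den)))
    return s

P = 2**256 - 2**32 - 977             # assumption: secp256k1 field prime as the stand-in prime field

def share_prime(secret, coeffs, x, p=P):
    acc, xp = secret % p, 1
    for c in coeffs:
        xp = xp * x % p
        acc = (acc + c * xp) % p
    return acc

def gf2_linear_prediction(share_fn, secret, coeffs, x, width):
    """XOR of the shares of every single set bit of (secret, coeffs); equals the real
    share exactly when share_fn is GF(2)-linear, i.e. over GF(2^8) but not over GF(p)."""
    vals, pred = [secret] + list(coeffs), 0
    for k, v in enumerate(vals):
        for j in range(width):
            if (v >> j) & 1:
                unit = [0] * len(vals)
                unit[k] = 1 << j
                pred ^= share_fn(unit[0], unit[1:], x)
    return pred

def leak_row(x, bit, t):
    """Mask over the 8*t unknown bits (secret bits 0..7, then c1 bits, ...) whose XOR
    is bit `bit` of the share at x; probing unit vectors is valid only because of linearity."""
    mask = 0
    for j in range(8 * t):
        unit = [0] * t
        unit[j // 8] = 1 << (j % 8)
        if (share_gf256(unit[0], unit[1:], x) >> bit) & 1:
            mask |= 1 << j
    return mask

def solve_gf2(rows, n):
    """Gauss-Jordan over GF(2); rows = [(mask, rhs)]. Returns the n-bit solution as an
    int, or None when the leaked equations do not determine every unknown."""
    rows, r = [list(row) for row in rows], 0
    for col in range(n):
        piv = next((i for i in range(r, len(rows)) if (rows[i][0] >> col) & 1), None)
        if piv is None:
            return None
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and (rows[i][0] >> col) & 1:
                rows[i][0] ^= rows[r][0]
                rows[i][1] ^= rows[r][1]
        r += 1
    return sum(rows[i][1] << i for i in range(n))

def leak_and_recover(secret, coeffs, pattern):
    """pattern = {x: leaked bit positions of share x}. Returns the secret byte recovered
    from those bits alone, or None if they do not pin it down."""
    t = 1 + len(coeffs)
    leaks = [(x, b, (share_gf256(secret, coeffs, x) >> b) & 1)
             for x, bits in pattern.items() for b in bits]
    sol = solve_gf2([(leak_row(x, b, t), v) for x, b, v in leaks], 8 * t)
    return None if sol is None else sol & 0xFF

# Constructed toy: t = 2, secret 0x5A, coefficient 0xC3 (standing in for a random one),
# half of each share leaked. A single whole share says nothing about the secret;
# the leaked half-shares together do.
LOW, HIGH = range(0, 4), range(4, 8)
FOUR_HALF_SHARES = {1: LOW, 3: LOW, 2: HIGH, 4: HIGH}            # 16 equations, rank only 15
FIVE_HALF_SHARES = {1: LOW, 3: LOW, 2: HIGH, 4: HIGH, 5: HIGH}   # 20 equations, full rank
```

The two leak patterns are the point: four half-shares give 16 equations for 16 unknowns but happen to have rank 15, so `leak_and_recover` returns None; a fifth half-share makes the system full rank and the 8-bit secret comes out of plain linear algebra, no lattice needed, because the leaked chunks here are exact bits. The prime-field function is included only for the linearity contrast (`gf2_linear_prediction` matches `share_gf256` but not `share_prime`); it says nothing about how much partial leakage of prime-field shares costs an attacker, which is the separate lattice question raised in the message above.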