Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 584B6E6A
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jan 2018 01:05:46 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ua0-f179.google.com (mail-ua0-f179.google.com
	[209.85.217.179])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EC533134
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jan 2018 01:05:45 +0000 (UTC)
Received: by mail-ua0-f179.google.com with SMTP id n2so7198468uak.9
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 22 Jan 2018 17:05:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:sender:in-reply-to:references:from:date:message-id
	:subject:to:cc;
	bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=;
	b=nXnFKO4VX2SY6Etgeik5RMZ3qOrtsD5SQHf362G8UiF8fYfP4ONF/bDurFkQrwlJ3V
	/jtqPJI1Cvg8t2eWCMWCPPyQhiQgL7HwfoLrzIBYR9wPgL0OijHLcKlUY2YWMbJE0rNL
	0yP/VJdk/qCNA1DGE+wImq7MU/sbrRvytxD7SABIRBNKrp2tWn7dNkGO1FzaUrEDbjVn
	fEQpshZniXopNWV/c2veh+3FfWp49x2iVxqs+Fioa0SFYKIZceTGzjg+LqtyQkcit3Gd
	MLYdl2vZmlh/StFXXAdesSQQUbApsrtrL2ZHIFKUQmm/6OS6aWazTPem41N/ACQMDrYd
	zmLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
	:date:message-id:subject:to:cc;
	bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=;
	b=VfXTMztCijEynzTapogvXVVzPerUFnBbLcrfjLsu7axqRjNupur40QCCBGjQgAeLce
	e00U6iYSbAIUgRrHlWm5HFrL0ZyYKU3n+WfBWObUm4i1JMpkp/vVLm/FjhVXlaCPr2bH
	0THr3KwezxDCIH5ZI8Jl1gqxwB4mm0Ex8VEdoq+eV0od+Iwfh/iFQUKUi3Y+Z04Q5vdj
	RUfu+oo2BuXO6/wymEc+I2qglIKW64jXU4MDAEnkLvIpModuI97aimLAHRpXqdmWp55u
	ZXAC2ttDxQCQcyoGUFRJX89DMSShE9x4CQ7MHVrkNE3dzS0yVXp78UbNsangLlkp4ZEB
	131g==
X-Gm-Message-State: AKwxytcy9sUQsm8X3TML4R4vfyLN4nB6w9Z2psyQsvitKTNXrzGcNUbw
	HGFqdPw7Hecu0oCdnGdkTJnvp7KgvcusBuqLSBQ=
X-Google-Smtp-Source: AH8x224mDk55RUdw3YIxa6LwiBDJhZCndZLf4PIueXw6SAjLRWXi1+kmXIKwNOjnJ8AogvRVKYtbHeEDeKts0FqNVvs=
X-Received: by 10.176.91.135 with SMTP id y7mr647192uae.46.1516669545111; Mon,
	22 Jan 2018 17:05:45 -0800 (PST)
MIME-Version: 1.0
Sender: gmaxwell@gmail.com
Received: by 10.103.78.155 with HTTP; Mon, 22 Jan 2018 17:05:44 -0800 (PST)
In-Reply-To: <CAMZUoK=ffKHM9WN=zrSME5y904u6ZYsfnCpeT_BYT=5Z+NxYsw@mail.gmail.com>
References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com>
	<CAAS2fgRQk4EUp6FO2f+RkJpDTyZX0N4=uGp7ZF=0aUchZX8hSA@mail.gmail.com>
	<4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com>
	<CAAS2fgSw0mAQPJ-ai-3kFr7pWXd7pjbrEoXN4r6Ak3o4c8_vjw@mail.gmail.com>
	<d6eb0fc3-d729-30cb-986b-b1d7b8aacbd6@satoshilabs.com>
	<CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
	<CAMZUoK=ffKHM9WN=zrSME5y904u6ZYsfnCpeT_BYT=5Z+NxYsw@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Tue, 23 Jan 2018 01:05:44 +0000
X-Google-Sender-Auth: Hiqv_vqFNNZ9VfFgB6nW4l-55qw
Message-ID: <CAAS2fgQFu3FW+zE+bHOKQT0jFCWk+9LncPfQw+5uvMXZAYahiQ@mail.gmail.com>
To: "Russell O'Connor" <roconnor@blockstream.io>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 23 Jan 2018 01:36:32 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2018 01:05:46 -0000

On Mon, Jan 22, 2018 at 7:21 PM, Russell O'Connor
<roconnor@blockstream.io> wrote:
> At this point, is it better just to use GF(2^256+n)?  Is GF(2^256+n) going
> to be that much slower than GF(2^8) that we care to make things this
> complicated?  (I honestly don't know the answer.)

I expect it would be, especially since operations must be implemented
in side-channel resistant manners.

Also, binary extension fields are going to have linear subgroup
properties where leaking part of elements wouldn't be good. Not as
obviously broken as the example I gave above, but still in the domain
of "get chunks of a lot of a supra-threshold set of shares, and set up
a lattice basis problem that can provide an efficient subspace to
search".
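Added example, not code from the thread, from the SatoshiLabs scheme or from either poster: Shamir sharing over GF(2^8) beside the same scheme over a large prime field, plus a check of the GF(2)-linearity property the reply above points at. In a binary extension field the reconstruction map is linear over GF(2) in the bits of the shares, so reconstructing the XOR of two share sets gives the XOR of the two secrets; over a prime field it does not. Assumptions: the reducing polynomial 0x11b and the secp256k1 base-field prime (used only as a stand-in for "GF(2^256+n)") are constructed choices, all function names are mine, and the field arithmetic is branchy, i.e. not the side-channel resistant implementation the reply says a real scheme would need.

```python
"""Shamir sharing over GF(2^8) vs. a prime field; GF(2)-linearity check.
Educational code added here; not from the SatoshiLabs scheme or the thread."""
import random

# Assumed reducing polynomial for GF(2^8): x^8 + x^4 + x^3 + x + 1 (0x11b).
GF256_POLY = 0x11B
# Stand-in 256-bit prime (secp256k1 base field); any large prime would do.
P256 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def gf256_mul(a: int, b: int) -> int:
    """Carry-less multiply mod GF256_POLY. Data-dependent branches: NOT
    constant time, which is the implementation cost the reply mentions."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF256_POLY
        b >>= 1
    return r


def gf256_inv(a: int) -> int:
    """Inverse by Fermat: a^(2^8 - 2)."""
    if a == 0:
        raise ZeroDivisionError("no inverse of 0 in GF(2^8)")
    r = 1
    for _ in range(254):
        r = gf256_mul(r, a)
    return r


def lagrange_zero_gf256(points):
    """Interpolating polynomial evaluated at x = 0 in GF(2^8)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf256_mul(num, xj)       # 0 - xj == xj in char 2
                den = gf256_mul(den, xi ^ xj)  # xi - xj == xi ^ xj
        secret ^= gf256_mul(yi, gf256_mul(num, gf256_inv(den)))
    return secret


def lagrange_zero_prime(points, p=P256):
    """Interpolating polynomial evaluated at x = 0 in GF(p)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def split_gf256(secret, k, n, rng):
    """k-of-n shares of one byte: y = secret + c1*x + ... + c_{k-1}*x^(k-1)."""
    coeffs = [secret] + [rng.randrange(256) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y, xpow = 0, 1
        for c in coeffs:
            y ^= gf256_mul(c, xpow)
            xpow = gf256_mul(xpow, x)
        shares.append((x, y))
    return shares


def split_prime(secret, k, n, rng, p=P256):
    """k-of-n shares of a field element, evaluated by Horner's rule."""
    coeffs = [secret % p] + [rng.randrange(p) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):
            y = (y * x + c) % p
        shares.append((x, y))
    return shares


def roundtrip_ok(seed=7, k=3, n=5) -> bool:
    """Both fields reconstruct from the first k and from the last k shares."""
    rng = random.Random(seed)
    s8, sp = rng.randrange(256), rng.randrange(P256)
    sh8, shp = split_gf256(s8, k, n, rng), split_prime(sp, k, n, rng)
    return (lagrange_zero_gf256(sh8[:k]) == s8 == lagrange_zero_gf256(sh8[-k:])
            and lagrange_zero_prime(shp[:k]) == sp == lagrange_zero_prime(shp[-k:]))


def xor_linear(combine, shares_a, shares_b) -> bool:
    """Does combine(a XOR b) == combine(a) XOR combine(b) (XOR on the y values)?"""
    mixed = [(xa, ya ^ yb) for (xa, ya), (_, yb) in zip(shares_a, shares_b)]
    return combine(mixed) == (combine(shares_a) ^ combine(shares_b))


def linearity_survey(trials=200, k=3, n=5, seed=1):
    """Fraction of random share sets on which XOR-linearity holds, per field.
    GF(2^8) gives 1.0 (bit-linear in the shares); the prime field gives 0.0."""
    rng = random.Random(seed)
    hits = {"gf256": 0, "prime": 0}
    for _ in range(trials):
        a = split_gf256(rng.randrange(256), k, n, rng)[:k]
        b = split_gf256(rng.randrange(256), k, n, rng)[:k]
        hits["gf256"] += xor_linear(lagrange_zero_gf256, a, b)
        a = split_prime(rng.randrange(P256), k, n, rng)[:k]
        b = split_prime(rng.randrange(P256), k, n, rng)[:k]
        hits["prime"] += xor_linear(lagrange_zero_prime, a, b)
    return {f: c / trials for f, c in hits.items()}


if __name__ == "__main__":
    print("roundtrip:", roundtrip_ok())
    print("xor-linearity:", linearity_survey())
```

The survey is the point: over GF(2^8) the secret is a GF(2)-linear function of the concatenated share bits, so every partially leaked bit of a share is one linear equation over GF(2) on the secret, which is the "linear subgroup" property the reply warns about. Over a prime field the same leakage is not linear in the bits, which is why it pushes toward lattice-style analysis instead of plain linear algebra. The per-byte GF(2^8) scheme also has to process each byte of a 256-bit secret separately, so the "much slower" question in the quoted message is really 32 small-field interpolations against one big-field interpolation, with the constant-time requirement applying to both.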