📅 Original date posted:2014-01-18
📝 Original message:On Sat, Jan 18, 2014 at 3:12 PM, Jeremy Spilman <jeremy at taplink.co> wrote:
> In the case where payment is being sent only to Q1, and Q2 is for discovery only, perhaps we could use a 160-bit curve for d2/Q2 and e/P resulting in 20 byte vs 32 bytes in the OP_RETURN, and of course faster multiplication.
>
> 80-bits of security I assume still greatly exceeds the actual level of privacy you get with the overall solution, and since Q2 is never protecting actual funds...
>
> But if it's a "real weakening" of the privacy then definitely not worth it, and even the added complexity of another curve seems possibly not worth it...
Well super-fast hand optimized code for (your choice of) 160 bit curve
may not ever exist, making it slower in practice. Plus the extra code
to carry around even if it does exist…
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 15:11:50
in reply to nevent1q…6xwg
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 15:11:50Event JSON
{
"id": "a273606c1444a7a339251698e25118364ff04a7ad2750f02da102e3671ef7f2b",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686150710,
"kind": 1,
"tags": [
[
"e",
"6b79d8c7bec3dc6952db91cc68d0510d9897c37dcf58a24d8e2f4288fe42525c",
"",
"root"
],
[
"e",
"7e28f63fe45546c22a46de7e33df5f8eeda1ed8a498d991c90ee57049c6ea3d0",
"",
"reply"
],
[
"p",
"7e57666cff7c86f9410d33d4d34ef3e5105395b3c74af472541dbeeb743f9de3"
]
],
"content": "📅 Original date posted:2014-01-18\n📝 Original message:On Sat, Jan 18, 2014 at 3:12 PM, Jeremy Spilman \u003cjeremy at taplink.co\u003e wrote:\n\u003e In the case where payment is being sent only to Q1, and Q2 is for discovery only, perhaps we could use a 160-bit curve for d2/Q2 and e/P resulting in 20 byte vs 32 bytes in the OP_RETURN, and of course faster multiplication.\n\u003e\n\u003e 80-bits of security I assume still greatly exceeds the actual level of privacy you get with the overall solution, and since Q2 is never protecting actual funds...\n\u003e\n\u003e But if it's a \"real weakening\" of the privacy then definitely not worth it, and even the added complexity of another curve seems possibly not worth it...\n\nWell super-fast hand optimized code for (your choice of) 160 bit curve\nmay not ever exist, making it slower in practice. Plus the extra code\nto carry around even if it does exist…",
"sig": "8f927c9dddc07ff4e457248a84ed113bb80c52e729737c9f7cbcba0285b4df021aea4083807044c53e67f1fd8d2d314b31ba1d62d6349ff3e884a9ad9f2918e6"
}