Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2018-01-22 📝 Original message:On Mon, Jan 22, 2018 at ...
📅 Original date posted:2018-01-22
📝 Original message:On Mon, Jan 22, 2018 at 7:21 PM, Russell O'Connor
<roconnor at blockstream.io> wrote:
> At this point, is it better just to use GF(2^256+n)? Is GF(2^256+n) going
> to be that much slower than GF(2^8) that we care to make things this
> complicated? (I honestly don't know the answer.)
I expect it would be, especially since operations must be implemented
in side-channel-resistant manners.
Also, binary extension fields are going to have linear subgroup
properties where leaking part of elements wouldn't be good. Not as
obviously broken as the example I gave above, but still in the domain
of "get chunks of a lot of a supra threshold set of shares, and set up
a lattice basis problem that can provide an efficient subspace to
search".
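Added example (not part of the original message, and not code from either participant in the thread): a small Shamir secret-sharing implementation over GF(2^8) that makes the "linear subgroup" concern concrete. It assumes the AES reduction polynomial 0x11b, the secret as the constant term of the polynomial, shares at x = 1..n and a threshold t; the field, the evaluation points and the leak model are all choices made for this illustration. The property it exercises goes beyond what the message states explicitly: because addition in GF(2^8) is XOR and x, x^2, x^4, ... are F2-linear maps, a polynomial of degree at most 2^k - 2 sums to zero over any k-dimensional F2-subspace containing 0, so the XOR of the shares at the 2^k - 1 nonzero points of such a subspace is exactly the secret whenever t <= 2^k - 1. The consequence is bit-locality: bit b of the secret is the XOR of bit b of those shares, so an attacker who sees the same chunk of enough shares learns that chunk of the secret with no field arithmetic at all. Over a prime field GF(p) addition carries across bit positions and no chunk-wise relation of this kind exists. The multiplication routine is written without data-dependent branches in the spirit of the side-channel remark, although Python itself gives no timing guarantees.

```python
import secrets

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (assumption
# for this example; any irreducible degree-8 polynomial behaves the same way).
POLY_LOW = 0x1B  # low 8 bits of 0x11B, applied after the overflow bit is dropped


def gf_mul(a, b):
    """Schoolbook multiply in GF(2^8) without data-dependent branches."""
    r = 0
    for _ in range(8):
        r ^= a & -(b & 1)                      # add a if the low bit of b is set
        b >>= 1
        carry = (a >> 7) & 1
        a = ((a << 1) & 0xFF) ^ (POLY_LOW & -carry)  # times x, reduce if it overflowed
    return r


def gf_pow(a, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_inv(a):
    if a == 0:
        raise ValueError("0 has no inverse")
    return gf_pow(a, 254)  # a^(2^8 - 2) = a^-1


def gf_eval(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term, i.e. the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc


def split(secret, t, n, rand=secrets.randbelow):
    """t-of-n Shamir shares {x: f(x)} for x = 1..n, n <= 255."""
    coeffs = [secret] + [rand(256) for _ in range(t - 1)]
    return {x: gf_eval(coeffs, x) for x in range(1, n + 1)}


def combine(shares):
    """Lagrange interpolation at x = 0 from any t or more shares."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = gf_mul(num, xj)        # (0 - xj) == xj in characteristic 2
                den = gf_mul(den, xi ^ xj)   # (xi - xj)
        secret ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return secret


def subspace_points(basis):
    """The 2^k - 1 nonzero F2-linear combinations of k basis elements."""
    pts = {0}
    for b in basis:
        pts |= {p ^ b for p in pts}
    pts.discard(0)
    return sorted(pts)


def xor_reconstruct(shares, basis):
    """Secret as the XOR of the shares at the nonzero points of the subspace
    spanned by `basis`; valid for threshold t <= 2^len(basis) - 1."""
    acc = 0
    for x in subspace_points(basis):
        acc ^= shares[x]
    return acc


def leak_chunk(shares, basis, lo, hi):
    """What an attacker learns from bits lo..hi-1 of each share at the subspace
    points: the same bits of the secret, bit by bit, with no field arithmetic."""
    mask = ((1 << (hi - lo)) - 1) << lo
    acc = 0
    for x in subspace_points(basis):
        acc ^= shares[x] & mask
    return acc  # == secret & mask


if __name__ == "__main__":
    secret = 0xA5                     # constructed sample secret
    shares = split(secret, t=5, n=10)
    assert combine({x: shares[x] for x in range(1, 6)}) == secret
    # basis {1, 2, 4} spans the points 1..7: seven shares, threshold five
    print(hex(xor_reconstruct(shares, [1, 2, 4])))   # 0xa5
    print(hex(leak_chunk(shares, [1, 2, 4], 0, 4)))  # 0x5, the low nibble of the secret
```

With t = 5 the XOR trick needs seven shares, so it does not beat the threshold; what it shows is that once a supra-threshold set of shares is in reach, every bit position of the secret depends on only that bit position of the shares, which is the structure a partial-leak attack exploits. Raising the threshold only raises the dimension of the subspace needed (t <= 7 with three basis elements, t <= 15 with four), not the per-bit locality.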
Published at 2023-06-07 18:09:35