📅 Original date posted:2013-08-05 📝 Original message:-----BEGIN PGP SIGNED ...

Why Nostr? What is Njump?

John Dillon [ARCHIVE] /

npub15z…kn0zr

2023-06-07 15:05:31

in reply to nevent1q…3euh

📅 Original date posted:2013-08-05
📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Aug 5, 2013 at 3:30 AM, Peter Vessenes <peter at coinlab.com> wrote:
> I studied with Jeffrey Hoffstein at Brown, one of the creators of NTRU. He
> told me recently NTRU, which is lattice based, is one of the few (only?)
> NIST-recommended QC-resistant algorithms.
>
> We talked over layering on NTRU to Bitcoin last year when I was out that
> way; I think such a thing could be done relatively easily from a crypto
> standpoint. Of course, there are many, many more questions beyond just the
> crypto.

Is NTRU still an option? My understanding is that NTRUsign, the algorithm to
produce signatures as opposed to encryption, was broken last year:
http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf

Having said that my understanding is also that the break requires a few
thousand signatures, so perhaps for Bitcoin it would still be acceptable given
that we can, and should, never create more than one signature for any given key
anyway. You would be betting that improving the attack from a few thousand
signatures to one is not possible however.

In any case, worst comes to worst there are always lamport signatures. If they
are broken hash functions are broken and Bitcoin is fundementally broken
anyway, though it would be nice to have alternatives that are similar is pubkey
and signature size to ECC.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJR/zffAAoJEEWCsU4mNhiPypEH/1AoIR5eWewNbGO9/AZNykwf
Rs3P1iOJYt4oR0oTOHwlsXKX1qU9QAvWQUjDH60XyChCqb+E+xMz4LZgV6H71A03
XcEUZ6r4TRtEdH5kWwtoaxz2oxIIfwfRHIisUCCX2VvXzlBDjcuZvPQXSB0KE8Sx
z8pBZuRKbLeU19COK4BZs1/83/DTsYrV0Ln3LYT3UT5oiJBzA9pmX0cVxQePx2rc
hoNaxR4wR/oCUCvv73xhbzvB91RrAEgrJsd1ve4qR14LxWeOnTHqWQ2/E5JechZz
is/ryBW1Yit5GmsQlfNtKhS3zAaiCjha5e03CaSSlT0LjuVabe2A43LfEb0n4Mw=
=c5f5
-----END PGP SIGNATURE-----

Author Public Key

npub15z6e9t07ugx267aj3s3c487pln852ydytzlgu0vkkqxfznyvx4jq4kn0zr

Seen on

wss://relay.nostr.band

Show more details

Published at

2023-06-07 15:05:31

Kind type

1 Short Text Note

Event JSON

{ "id": "24a1bf3c80c48816a734d3deabbddfe08a4b1011828ec62f9bde8f21f8614e7d", "pubkey": "a0b592adfee20cad7bb28c238a9fc1fccf4511a458be8e3d96b00c914c8c3564", "created_at": 1686150331, "kind": 1, "tags": [ [ "e", "2f2b62dd902f5a8ee01bc2d15f13cdd2131ceb5ca279e6603f849aa0430311f2", "", "root" ], [ "e", "685e096f0db860a1066b27cecb5f64d5006334c8e57aa90dde1c7d26ac91a931", "", "reply" ], [ "p", "c8914ab5f1efb93771e9c5b7fe20dcff2c343f46f4846ae6689a0c9478b04e01" ] ], "content": "📅 Original date posted:2013-08-05\n📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nOn Mon, Aug 5, 2013 at 3:30 AM, Peter Vessenes \u003cpeter at coinlab.com\u003e wrote:\n\u003e I studied with Jeffrey Hoffstein at Brown, one of the creators of NTRU. He\n\u003e told me recently NTRU, which is lattice based, is one of the few (only?)\n\u003e NIST-recommended QC-resistant algorithms.\n\u003e\n\u003e We talked over layering on NTRU to Bitcoin last year when I was out that\n\u003e way; I think such a thing could be done relatively easily from a crypto\n\u003e standpoint. Of course, there are many, many more questions beyond just the\n\u003e crypto.\n\nIs NTRU still an option? My understanding is that NTRUsign, the algorithm to\nproduce signatures as opposed to encryption, was broken last year:\nhttp://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf\n\nHaving said that my understanding is also that the break requires a few\nthousand signatures, so perhaps for Bitcoin it would still be acceptable given\nthat we can, and should, never create more than one signature for any given key\nanyway. You would be betting that improving the attack from a few thousand\nsignatures to one is not possible however.\n\nIn any case, worst comes to worst there are always lamport signatures. If they\nare broken hash functions are broken and Bitcoin is fundementally broken\nanyway, though it would be nice to have alternatives that are similar is pubkey\nand signature size to ECC.\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niQEcBAEBCAAGBQJR/zffAAoJEEWCsU4mNhiPypEH/1AoIR5eWewNbGO9/AZNykwf\nRs3P1iOJYt4oR0oTOHwlsXKX1qU9QAvWQUjDH60XyChCqb+E+xMz4LZgV6H71A03\nXcEUZ6r4TRtEdH5kWwtoaxz2oxIIfwfRHIisUCCX2VvXzlBDjcuZvPQXSB0KE8Sx\nz8pBZuRKbLeU19COK4BZs1/83/DTsYrV0Ln3LYT3UT5oiJBzA9pmX0cVxQePx2rc\nhoNaxR4wR/oCUCvv73xhbzvB91RrAEgrJsd1ve4qR14LxWeOnTHqWQ2/E5JechZz\nis/ryBW1Yit5GmsQlfNtKhS3zAaiCjha5e03CaSSlT0LjuVabe2A43LfEb0n4Mw=\n=c5f5\n-----END PGP SIGNATURE-----", "sig": "38964d4b633cd06828be36aa50819272e87399d770caba514c270205a9407fb8c4b715605607f196147f7d254ce0635491710310e42517203651c0ed963c1361" }