Author: Gregory Maxwell 2013-08-05 06:41:57
Published on: 2013-08-05T06:41:57+00:00
In an email exchange, Peter Vessenes discusses the security of digital signature schemes with a colleague. He notes that NTRU, a lattice-based algorithm, is one of the few NIST-recommended post-quantum resistant algorithms. However, he also mentions that Lamport signatures are simpler, faster, and intuitively secure under both classical and quantum computation. Lamport signatures are the only digital signature scheme that can be easily explained to someone who is not a cryptographer.Despite this, Lamport signatures have poor space/bandwidth usage properties which make them unsuitable for use in Bitcoin. However, all post-quantum schemes have similar issues. Vessenes also questions the claim that elliptic curve cryptography (ECC) is significantly more secure than RSA. While the problems underlying these two encryption methods are related, ECC is typically used with smaller keys and is considered the maximally hard case of its problem class. Nonetheless, Vessenes worries about breakthroughs that could give index-calculus level performance for general elliptic curves.
Updated on: 2023-05-19T17:22:58.680325+00:00