Re: [Cfrg] BLS standard draft

Tony Arcieri, Mon, 11 February 2019 14:57 UTC

On Mon, Feb 11, 2019 at 3:52 AM Michael Scott wrote:

> 1) Pairing-based crypto threw open the doors to lots of nice new crypto
> possibilities, enabling stuff that we couldn't do before
> 2) Gradually post-quantum crypto is catching up and demonstrating
> capabilities that mirror some (but not all) of these achievements

I'd agree with this: it is great people are working on post-quantum
cryptography, but I do not view the threat as particularly urgent (i.e. 10+
years away, if ever), and therefore think it makes sense to continue to
work on pre-quantum and post-quantum schemes in parallel.

Furthermore I'd like to add that pairings-based signature schemes like this
have somewhat unique and highly useful properties around offline signature
aggregation and small signature sizes. At least to my knowledge, there is
no post-quantum secure equivalent of bilinear pairings (perhaps I'm
mistaken?), so if we focus exclusively on post-quantum schemes we leave all
of these benefits on the table, even in the event large QCs capable of
attacking this class of elliptic curve prove to be intractable.

Tony Arcieri