Re: [Cfrg] Adoption of threshold drafts by RG

Ian Goldberg <iang@uwaterloo.ca> Tue, 29 September 2020 20:38 UTC

Date: Tue, 29 Sep 2020 16:38:43 -0400
From: Ian Goldberg <iang@uwaterloo.ca>
To: Chelsea Komlo <ckomlo@uwaterloo.ca>
Cc: IRTF CFRG <cfrg@irtf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Watson Ladd <watsonbladd@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/oep-_RzDjiKmQeZQ53ByG-pRWNs>

On Tue, Sep 29, 2020 at 08:21:28PM +0000, Chelsea Komlo wrote:
> After performing O(k*b*2^{1/lg(k)})

Typo fix: that should be O(k*b*2^{b/(1+lg(k))}) [and k here is actually
one more than the number of parallel signing operations the victim is
willing to support].  So 1 signing op at a time means k=2, and the above
is O(2b*2^{b/2}); i.e., basically the cost of extracting a DL in a b-bit
group, as expected.  But 7 parallel signing ops means k=8, and the above
is O(8b*2^{b/4}), etc.
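
An added example, not part of the original message: a sizing aid that evaluates the corrected bound k*b*2^{b/(1+lg(k))} in log2 form and finds how many parallel signing operations a signer can allow before the estimated cost drops below a chosen security target. The function names and the target values are assumptions made for illustration, and the constants hidden by the O() are ignored.

```python
import math


def attack_cost_bits(b: int, k: int) -> float:
    """log2 of k * b * 2^(b / (1 + lg k)), the corrected bound from the message.

    b is the group size in bits; k is one more than the number of parallel
    signing operations the signer supports. Hidden O() constants are ignored.
    """
    if k < 2:
        raise ValueError("k is parallel signing ops + 1, so k must be >= 2")
    lg_k = math.log2(k)
    return lg_k + math.log2(b) + b / (1 + lg_k)


def max_parallel_sessions(b: int, target_bits: float, limit: int = 1 << 12) -> int:
    """Largest number of parallel signing ops whose estimated attack cost stays
    at or above 2^target_bits. Returns 0 if even one op at a time falls short.

    Assumption of this example: the search is capped at `limit` values of k,
    and non-power-of-two k is plugged into the formula as written.
    """
    allowed = 0
    for k in range(2, limit + 1):
        if attack_cost_bits(b, k) < target_bits:
            break
        allowed = k - 1  # k = parallel ops + 1
    return allowed


if __name__ == "__main__":
    b = 256  # constructed example: a 256-bit group
    for k in (2, 4, 8, 16):
        print(f"k={k:2d} ({k - 1:2d} parallel ops): ~2^{attack_cost_bits(b, k):.1f}")
    for target in (128, 100, 80):
        print(f"target 2^{target}: allow at most "
              f"{max_parallel_sessions(b, target)} parallel ops")
```

For b=256 the k=2 and k=8 rows reproduce the message's O(2b*2^{b/2}) and O(8b*2^{b/4}) cases as 2^137 and 2^75.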