Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: If we find DLP solution for EC, what is the alternative to replace ECC?
by
NotATether
on 17/10/2023, 12:38:24 UTC
Quote from: j2002ba2 on October 13, 2023, 05:00:01 PM
Quote from: digaran on October 13, 2023, 02:15:32 PM
Is there any alternatives to replace  ECC?

|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| Name        | PrivK |  PubK |   Sig | Security |  PubK |   Sig | block |  average |
|             | bytes | bytes | bytes |     bits | *secp | *secp | *secp | block MB |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| secp256k1   |    32 |    32 |    64 |      128 |   1.0 |   1.0 |   1.0 |      1.3 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| RSA 2048    |   512 |   256 |   256 |      112 |   8.0 |   4.0 |   6.0 |      7.8 |
| RSA 3072    |   768 |   384 |   384 |      128 |  12.0 |   6.0 |   9.0 |     11.7 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| Dilithium2  |  2528 |  1312 |  2420 |      128 |  41.0 |  37.8 |  39.4 |     51.2 |
| Dilithium3  |  4000 |  1952 |  3293 |      192 |  61.0 |  51.5 |  56.2 |     73.1 |
| Dilithium5  |  4864 |  2592 |  4595 |      256 |  81.0 |  71.8 |  76.4 |     99.3 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| Falcon-512  |  1281 |   897 |   666 |      128 |  28.0 |  10.4 |  19.2 |     25.0 |
| Falcon-1024 |  2305 |  1793 |  1280 |      256 |  56.0 |  20.0 |  38.0 |     49.4 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| Sphincs+    |    64 |    32 |  7856 |      128 |   1.0 | 122.8 |  61.9 |     80.5 |
| Sphincs+    |    96 |    48 | 16224 |      192 |   1.5 | 253.5 | 127.5 |    165.8 |
| Sphincs+    |   128 |    64 | 29792 |      256 |   2.0 | 465.5 | 233.8 |    303.9 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|


If you look at the average block MB, I can at least guess why Satoshi chose the secp256k1 keypairs for including their signatures in transactions, as the rest of the cryptosystems have large block-sizes that resemble Bitcoin Cash and SV. This is most likely because of the ballooning sig-bytes sizes.

These two:

Quote

| Falcon-512  |  1281 |   897 |   666 |      128 |  28.0 |  10.4 |  19.2 |     25.0 |
| Falcon-1024 |  2305 |  1793 |  1280 |      256 |  56.0 |  20.0 |  38.0 |     49.4 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|
| Sphincs+    |    64 |    32 |  7856 |      128 |   1.0 | 122.8 |  61.9 |     80.5 |
| Sphincs+    |    96 |    48 | 16224 |      192 |   1.5 | 253.5 | 127.5 |    165.8 |
| Sphincs+    |   128 |    64 | 29792 |      256 |   2.0 | 465.5 | 233.8 |    303.9 |
|-------------+-------+-------+-------+----------+-------+-------+-------+----------|


are the quantum algorithms, right? Or is Dilithium also one of them?

Is there any quantum digital signature algorithm that does not make humongous signatures?