[tahoe-dev] (get) Down with ECDSA

Brian Warner warner at lothar.com
Thu Aug 20 11:06:16 PDT 2009


As Zooko pointed out, our main requirements are:

 * short signing key, so writecaps are short
 * short verifying key, so readcaps are short (note that confidentiality
   requires a second cryptovalue in the readcap, which adds pressure on
   the verifying key length)
 * fast keypair generation, so mkdir is fast

Other would-be-nice-to-have features:

 * intermediate keys, which would give us readcaps with just one
   cryptovalue
 * short signatures, which would make other (non-mutable-file) uses of
   this algorithm less cumbersome, specifically URLs which contain
   "my-right-to-consume-storage" Accounting certificate chains
 * fast signature generation/checking, to make mutfile/dirnode
   operations faster in general

And of course, the number one feature:

 * a working, stable implementation in pycryptopp

According to http://allmydata.org/trac/tahoe/ticket/331 , we've been
waiting 18 months for this one, so at this point I'm willing to go with
a generally-considered-secure-but-lacking-strong-proof algorithm over a
has-strong-proof-but-no-implementations one :-).

cheers,
 -Brian


More information about the tahoe-dev mailing list