[curves] Costs of cofactor > 1

Robert Ransom rransom.8774 at gmail.com
Wed Dec 24 11:03:39 PST 2014


On 12/24/14, Michael Hamburg <mike at shiftleft.org> wrote:

> You asked specifically about batch verification.  I’m not aware of deployed
> systems that need or use batch verification.  The EVITA vehicle-to-vehicle
> specs do require an extremely high rate of verification, but since they use
> ECDSA, no batching is possible.  It might or might not be desirable in that
> setting, because there are constraints on latency as well as throughput, but
> having an option would be nice.

Vehicle-to-vehicle communications is also an excellent example of a
non-anonymity-related application in which
implementation-distinguishing attacks can be quite serious.  (Imagine
a car accepting the signature on a message which tells it to slow
down, and the large truck behind it rejecting that same signature.)


Robert Ransom


More information about the Curves mailing list