[curves] Non-interactive zero knowledge proofs of discrete log equivalence
Tony Arcieri
bascule at gmail.com
Wed Feb 15 15:05:20 PST 2017
Hello all,
We have just published a blog post on how we have attempted to harden a
system we're developing (a "blockchain"-based money-moving system) against
certain types of post-quantum attacks, and also provide a contingency plan
for post-quantum attacks:
https://blog.chain.com/preparing-for-a-quantum-future-45535b316314#.jqhdrrmhi
Personally I'm not too concerned about these sorts of attacks happening any
time soon, but having a contingency plan that doesn't hinge on still
shaky-seeming post-quantum algorithms seems like a good idea to me. If you
have any feedback on this post, feel free to ping me off-list or start
specific threads about anything we've claimed here that may be bogus.
One of the many things discussed in this post is non-interactive zero
knowledge proofs of discrete log equivalence ("DLEQ"): proving that two
curve points are ultimately different scalar multiples of the same curve
point without revealing the common base point or the discrete logs
themselves.
I was particularly curious if there were any papers about this idea. I had
come across similar work (h/t Philipp Jovanovic) in this general subject
area (I believe by EPFL?) but I have not specifically found any papers on
this topic:
https://github.com/dedis/crypto/blob/master/proof/dleq.go#L104
If anyone knows of papers about this particular problem, I'd be very
interested in reading them.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170215/9dacdce0/attachment.html>
More information about the Curves
mailing list