[curves] Collective Edwards-Curve Digital Signature Algorithm

Gregory Maxwell gmaxwell at gmail.com
Tue Jul 4 16:15:10 PDT 2017


The lack of delinearization makes this rather fragile: if someone
fails to check a key signature their key can be canceled.  Having to
carry around those signatures also makes this approach unsuitable for
some applications e.g. where keys are used once and the group is
formed by the verifier instead of the signers, in that case the
additional signatures plus the collective signature require more
bandwidth and computation than normal single party signatures.

On Tue, Jul 4, 2017 at 9:04 AM, Nicolas Gailly <nicolas.gailly at epfl.ch> wrote:
> Hi all,
>
> We recently published an Internet-Draft about “Collective Edwards-Curve Digital Signature Algorithms” based on Ed25519 and Ed448: https://datatracker.ietf.org/doc/draft-ford-cfrg-cosi/
>
> We already submitted it to the CFRG mailing list (follow-up discussions in [0]), and and since we thought that this community might also be interested, we wanted to reach out to this mailing list, too.
>
> FWIW, we plan to give a short presentation on that topic at the next CFRG meeting in Prague (18th of July).
>
> Any feedback is more than welcome. Thanks!
>
> All the best,
>
> Nicolas
>
> [0] https://www.ietf.org/mail-archive/web/cfrg/current/msg09205.html
>
>
>
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves
>


More information about the Curves mailing list