Tony Arcieri

2017-02-15 23:05:20 UTC

Hello all,

We have just published a blog post on how we have attempted to harden a system we're developing (a "blockchain"-based money-moving system) against certain types of post-quantum attacks, and also provide a contingency plan for post-quantum attacks:

https://blog.chain.com/preparing-for-a-quantum-future-45535b316314#.jqhdrrmhi

Personally I'm not too concerned about these sorts of attacks happening any time soon, but having a contingency plan that doesn't hinge on still shaky-seeming post-quantum algorithms seems like a good idea to me. If you have any feedback on this post, feel free to ping me off-list or start specific threads about anything we've claimed here that may be bogus.

One of the many things discussed in this post is non-interactive zero-knowledge proofs of discrete log equivalence ("DLEQ"): proving that two curve points are ultimately different scalar multiples of the same curve point without revealing the common base point or the discrete logs themselves.

I was particularly curious if there were any papers about this idea. I had come across similar work (h/t Philipp Jovanovic) in this general subject area (I believe by EPFL?) but I have not specifically found any papers on this topic:

https://github.com/dedis/crypto/blob/master/proof/dleq.go#L104

If anyone knows of papers about this particular problem, I'd be very interested in reading them.

--

Tony Arcieri

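A worked example of the DLEQ proof the message asks about, added here and not part of the original post, of Chain's system, or of the dedis library: a non-interactive (Fiat-Shamir) Chaum-Pedersen proof that two public points A and B have the same discrete log with respect to two public bases G and H, which is the statement the linked dleq.go checks. The choice of P-256 (only because it ships in Go's standard library), the function names, the way the second base point H is derived, and the sample secret are all assumptions made for the demo.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// P-256 is used only because it ships with the Go standard library;
// the protocol itself works in any prime-order group.
var curve = elliptic.P256()
var order = curve.Params().N

// Point is an affine curve point; (0, 0) is crypto/elliptic's identity.
type Point struct{ X, Y *big.Int }

// DLEQProof is a Fiat-Shamir (non-interactive) Chaum-Pedersen proof that
// log_G(A) == log_H(B) for public points G, H, A, B.
type DLEQProof struct {
	C *big.Int // challenge: Hash(G, H, A, B, T1, T2) mod n
	S *big.Int // response:  k - c*x mod n
}

func scalarMul(p Point, k *big.Int) Point {
	x, y := curve.ScalarMult(p.X, p.Y, new(big.Int).Mod(k, order).Bytes())
	return Point{x, y}
}

func add(p, q Point) Point {
	x, y := curve.Add(p.X, p.Y, q.X, q.Y)
	return Point{x, y}
}

// Generator returns the curve's standard base point G.
func Generator() Point {
	return Point{curve.Params().Gx, curve.Params().Gy}
}

// SecondBase returns a constructed second base point H for the demo. Any
// non-identity point works; DLEQ soundness does not need log_G(H) to be unknown.
func SecondBase() Point {
	seed := sha256.Sum256([]byte("dleq-demo-second-base (constructed)"))
	return scalarMul(Generator(), new(big.Int).SetBytes(seed[:]))
}

// challenge binds the full statement and the commitments into the challenge,
// so a prover cannot pick the challenge after seeing its own commitments.
func challenge(points ...Point) *big.Int {
	h := sha256.New()
	for _, p := range points {
		h.Write(elliptic.Marshal(curve, p.X, p.Y))
	}
	c := new(big.Int).SetBytes(h.Sum(nil))
	return c.Mod(c, order)
}

// randomScalar draws k from [1, n); a reused or leaked k reveals x from s.
func randomScalar() *big.Int {
	for {
		k, err := rand.Int(rand.Reader, order)
		if err != nil {
			panic(err)
		}
		if k.Sign() != 0 {
			return k
		}
	}
}

// Prove is run by the party holding x, where A = xG and B = xH.
func Prove(g, h, a, b Point, x *big.Int) DLEQProof {
	k := randomScalar()
	t1, t2 := scalarMul(g, k), scalarMul(h, k) // commitments kG, kH
	c := challenge(g, h, a, b, t1, t2)
	s := new(big.Int).Mul(c, x)
	s.Sub(k, s).Mod(s, order)
	return DLEQProof{C: c, S: s}
}

// Verify recomputes T1 = sG + cA and T2 = sH + cB. If A and B share the
// discrete log x these equal kG and kH, so the hash reproduces c.
func Verify(g, h, a, b Point, pr DLEQProof) bool {
	if pr.C == nil || pr.S == nil || pr.C.Sign() < 0 || pr.S.Sign() < 0 ||
		pr.C.Cmp(order) >= 0 || pr.S.Cmp(order) >= 0 {
		return false // reject malformed or non-canonical proofs
	}
	t1 := add(scalarMul(g, pr.S), scalarMul(a, pr.C))
	t2 := add(scalarMul(h, pr.S), scalarMul(b, pr.C))
	return challenge(g, h, a, b, t1, t2).Cmp(pr.C) == 0
}

func main() {
	g, h := Generator(), SecondBase()
	x := big.NewInt(123456789) // constructed secret; draw it at random in practice
	a, b := scalarMul(g, x), scalarMul(h, x)
	pr := Prove(g, h, a, b, x)
	fmt.Println("honest statement verifies:", Verify(g, h, a, b, pr))
	wrong := scalarMul(h, big.NewInt(987654321)) // B' = yH with y != x
	fmt.Println("mismatched statement verifies:", Verify(g, h, a, wrong, pr))
}
```

The verifier learns only that the same scalar links G to A and H to B; x itself stays hidden because s = k - c*x is masked by the fresh random k. Hashing the whole statement (G, H, A, B) into the challenge, rather than just the commitments, is what stops a proof made for one pair of points from being replayed against another, which the second check in main demonstrates.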