Daira-Emma Hopwood
cxx has a [`Result` type](https://cxx.rs/binding/result.html), but it maps errors to exceptions (always of type [`cxx::Exception`](https://docs.rs/cxx/1.0.72/cxx/struct.Exception.html)) and does not allow specifying the error type, neither of which is what we want...
[tl::expected](https://github.com/TartanLlama/expected) looks good to me:

* MIT-compatible license (CC0);
* Seems to have good unit tests and portability;
* Implementation of the proposed `std::expected` with Rust Result-like extensions (`map`, `map_error`, ...
@imichaelmiers Post-quantum security does not mean security against computationally unbounded attackers. The commitment scheme [in Sprout] is post-quantum secure if the SHA-256 compression function is a post-quantum collision-resistant PRF. (It...
Grover's algorithm (the multi-target version) is provably optimal for a black-box quantum preimage search. I think there is considerable value in choosing parameters to resist that if we can do...
@defuse wrote:

> Grover can also be used to speed up collision-finding to the cube-root rather than the square-root, e.g. http://arxiv.org/pdf/quant-ph/9705002.pdf

Dan Bernstein [disagrees](https://cr.yp.to/hash/collisioncost-20090823.pdf):

> A quantum algorithm by Brassard, ...
Note that Pedersen commitments are not post-quantum binding. Neither are the potentially more SNARK circuit-efficient commitments in section 4 of https://eprint.iacr.org/2014/719.

Later edit: commitments based on circuit-efficient hashes such as ...
BTW, let's agree to use "[plausibly] post-quantum" only for protocols that, as far as we know now, actually have some hope of being secure against quantum computers. Let's use "plausibly...
I'd like to reiterate that Zcash, as it stands, is already conjectured to be PPQ forward private when addresses are kept secret.
@elibensasson et al's work on post-quantum STARKs is relevant here: https://www.youtube.com/watch?v=HJ9K_o-RRSY
See https://github.com/zcash/zcash/issues/570#issuecomment-296450324 for a note on PPQ forward privacy.