knaccc
Same table as above, but instead showing blockchain storage/verification times relative to ring size 16: ring size | 1-in 2-out individual tx size (bytes) | individual tx size premium (vs...
@SamsungGalaxyPlayer I absolutely agree that most people won't churn. The most critical question left, therefore, is how to reason about the increased tx verification times. Ring size 15/16/17 will mean...
I like the idea. I assume the simple fix is to just ensure that authenticated encryption such as AESGCM is used. Or ChaCha20-Poly1305 encrypt-then-mac. I think you could also achieve...
@RandomRun Great point about censorship if a well-known channel is used. The problem in general if you don't authenticate before decryption is the [cryptographic doom principle](https://moxie.org/blog/the-cryptographic-doom-principle/). There are two types...
@RandomRun The AEAD scheme (e.g. AESGCM) would use an authentication key derived from the encryption key `s`. See https://crypto.stackexchange.com/questions/44526/why-does-aes-gcm-not-require-an-auth-key-but-encrypt-then-mac-does It's important that the integrity of the ciphertext is verified, and...
@RandomRun I think the following would work - it would mean that: 1. We still get the subaddress scheme scalability advantage of being able to detect all incoming messages with...
@RandomRun Excellent point about `R + a*R` being recoverable since `rD` is posted. > For subaddresses, perhaps simply using s = keccak(r*G) could work as their shared secret Ooh, yes...
Perhaps you can flesh out the use cases more so we can understand the workflows. For example, I didn't understand why it would not be an advantage for an auditor...
@PeterSurda When you say Bitmessage does "sign-then-encrypt", does "sign" mean a symmetric or asymmetric signature? It's the symmetric signature (e.g. some kind of HMAC using a symmetric authentication key) that...
@tevador Great thoughts, thanks. I'm very interested in hearing as many thoughts on this proposal as possible, because this is a very important problem.