Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: barbarousrelic on July 30, 2012, 06:39:41 PM



Title: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: barbarousrelic on July 30, 2012, 06:39:41 PM
It's unlikely, but possible, that someone could break ECDSA or SHA256, which would be bad for the Bitcoin community.

What would be the drawbacks of using two methods of encryption, one on top of the other, so that if either one is broken, Bitcoin remains unaffected?

I presume it would be far less likely for two distinct forms of encryption to be defeated at exactly the same time, than to have one broken.

Are there strong, well-tested encryption schemes that are based on mathematics sufficiently distinct from ECDSA?

Side question: Do there exist viable forms of cryptography which are thought not to be defeatable by a quantum computer? I've heard of "Unbalanced Oil and Vinegar" which is supposed to be quantum-computer-resistant but not thoroughly tested.


Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: notme on July 30, 2012, 06:45:54 PM
Keep in mind a "break" never shatters an encryption or hashing method.  It always happens in small incremental improvements on brute force techniques.

That said, doubling up on the hash should be simple and would likely improve security.  I believe layering ECDSA with another signing/verification method would be a little more challenging, but I don't have a strong enough crypto background to delve into how that might work.


Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: Sergio_Demian_Lerner on July 30, 2012, 07:27:22 PM
Merkle-Winternitz signatures are quantum-computer proof.

Achieving composed security from signatures is very easy: you just sign the transaction with two different signature schemes and only allow it if both are valid.

Both methods can be added to Bitcoin, but both require a hardfork.

Best regards.
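
The composition described in the post above, sketched as an added example that is not part of the original thread or of Bitcoin's code: a Winternitz one-time signature (the hash-based building block, without the Merkle tree that extends it to many messages) instantiated twice with independent key pairs, and a verifier that accepts only if both signatures check. Assumptions: ECDSA is not in the Python standard library, so two instances over different hash functions stand in for "two different schemes"; all function names are hypothetical.

```python
import hashlib, os

W, N_MSG, N_SUM = 16, 64, 3        # base-16 digits: 64 from the digest, 3 checksum
SCHEMES = ("sha256", "sha3_256")   # assumed stand-ins for two unrelated schemes

def chain(h, x, steps):
    """Apply hash function h to x, `steps` times."""
    for _ in range(steps):
        x = hashlib.new(h, x).digest()
    return x

def digits(h, msg):
    """Digest nibbles plus checksum nibbles. The checksum falls whenever a
    message digit rises, so a forger cannot just hash a signature forward."""
    nib = [n for b in hashlib.new(h, msg).digest() for n in (b >> 4, b & 15)]
    csum = sum(W - 1 - n for n in nib)          # at most 64 * 15 = 960
    return nib + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen(h):
    """One-time key pair: 67 secrets, public key = end of each hash chain."""
    sk = [os.urandom(32) for _ in range(N_MSG + N_SUM)]
    return sk, [chain(h, s, W - 1) for s in sk]

def sign(h, sk, msg):
    """Reveal each chain at the position given by the digit. One message per key."""
    return [chain(h, s, d) for s, d in zip(sk, digits(h, msg))]

def verify(h, pk, msg, sig):
    """Finish every chain and compare its end with the public key."""
    d = digits(h, msg)
    return len(sig) == len(pk) == len(d) and all(
        chain(h, s, W - 1 - n) == p for s, n, p in zip(sig, d, pk))

def dual_keygen():
    """Independent private/public keys for each scheme; nothing is shared."""
    pairs = [keygen(h) for h in SCHEMES]
    return [sk for sk, _ in pairs], [pk for _, pk in pairs]

def dual_sign(sks, msg):
    return [sign(h, sk, msg) for h, sk in zip(SCHEMES, sks)]

def dual_verify(pks, msg, sigs):
    """Accept only if every scheme's signature is valid (logical AND)."""
    return len(pks) == len(sigs) == len(SCHEMES) and all(
        verify(h, pk, msg, sig) for h, pk, sig in zip(SCHEMES, pks, sigs))

if __name__ == "__main__":
    sks, pks = dual_keygen()
    tx = b"constructed sample transaction"
    print(dual_verify(pks, tx, dual_sign(sks, tx)))   # both signatures valid
```

Because the two key pairs are generated independently, recovering one private key or breaking one scheme yields only one of the two signatures the verifier demands.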


Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: notme on July 30, 2012, 07:33:38 PM
Double signatures is a nonsolution.  If one is broken, that means they will be attacking the private key.  If the private key is discovered, both signatures can be generated.  You need two separate private keys and a way to combine the public keys into a single address.


Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: Sergio_Demian_Lerner on July 30, 2012, 08:27:26 PM
I clearly said "two different signature schemes". That means two different public keys, two private keys, two algorithms. Read forum messages twice :)



Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: notme on July 30, 2012, 08:29:10 PM
I thought you were referring to using the same private data as the key for both schemes.  I'm sorry for misinterpreting, but reading twice doesn't clarify it.  However, you don't tackle the real problem, which is how do you combine these two schemes in a way that is compatible with the design of bitcoin.


Title: Re: Just throwing this out there: Using multiple forms of encryption for redundancy
Post by: blueadept on July 30, 2012, 08:35:10 PM
Just add a new opcode to verify a different signature scheme. Then use it in scripts just like the existing opcodes. You can hash the keys and entire scripts exactly like now.