Bitcoin Forum
December 15, 2017, 02:58:38 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Adding a different signature algorithm  (Read 699 times)
Sukrim
Legendary
*
Offline Offline

Activity: 2212


View Profile
June 27, 2014, 09:51:03 AM
 #1

After reading https://ripple.com/dev-blog/curves-with-a-twist/ I wonder if something like this is also on the mid-term agenda for Bitcoin, since especially the issue with ECDSA (weak RNGs on Android) even already has affected its users.

Yes, I know, I know, for some people Ripple is a red flag - please don't discuss this here though, please focus on the better performance + security aspects of using Ed25519 signatures instead of ECDSA.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
1513306718
Hero Member
*
Offline Offline

Posts: 1513306718

View Profile Personal Message (Offline)

Ignore
1513306718
Reply with quote  #2

1513306718
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513306718
Hero Member
*
Offline Offline

Posts: 1513306718

View Profile Personal Message (Offline)

Ignore
1513306718
Reply with quote  #2

1513306718
Report to moderator
1513306718
Hero Member
*
Offline Offline

Posts: 1513306718

View Profile Personal Message (Offline)

Ignore
1513306718
Reply with quote  #2

1513306718
Report to moderator
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
June 27, 2014, 12:51:42 PM
 #2

The only known issue with ECDSA is implementation issues which result from the reuse of the k value.  This can be eliminated by using Deterministic Signatures (RFC6979).   The article shows roughly 2x throughput which sounds impressive until you realize how little times is spent verifying signatures.   For the sake of argument I will just accept their numbers as fact.   Secp256k1 performed 6609.64744 verifications per second.  If all Bitcoin blocks were 1MB and the average tx was 300 bytes that is 3,333 tx per block.  Verification of signatures would be ~500ms.  Using their own numbers, Ed25519 would be roughly half that or 250ms per block.

Technically Bitcoin can support an alternative signing algorithm (potentially multiple signing algorithms used simultaneously) but I don't see a move from one good 256 bit ECC curve to another 256 bit ECC being warranted.

Sukrim
Legendary
*
Offline Offline

Activity: 2212


View Profile
June 27, 2014, 01:41:48 PM
 #3

Fast signatures are definitely more of an issue for Ripple, as transaction volume is higher there as well as "block" times. Still Bitcoin hopefully will get beyond 1 MB blocks in the future, so it might become relevant in the future. Also a delay of 500 ms vs. 250 ms when forwarding blocks might be worth a look or two.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!