
belenios-discuss - Re: [Belenios-discuss] Proposal: quicker implementation of Fiat-Shamir NIZK proofs

Subject: Discussion list for Belenios

List archives

  • From: Stéphane Glondu <stephane.glondu AT inria.fr>
  • To: Julien Moutinho <julm+inria AT autogeree.net>
  • Cc: belenios-discuss AT lists.gforge.inria.fr, Mieux Voter <contact AT mieuxvoter.fr>
  • Subject: Re: [Belenios-discuss] Proposal: quicker implementation of Fiat-Shamir NIZK proofs
  • Date: Fri, 16 Aug 2019 09:13:06 +0200
  • List-archive: <http://lists.gforge.inria.fr/pipermail/belenios-discuss/>
  • List-id: Discussion list for Belenios <belenios-discuss.lists.gforge.inria.fr>

On 15/08/2019 at 19:18, Julien Moutinho wrote:
>> Could you please consider the following
>> change to the 1.6 specification of Helios-C.
>>
>> In section "4.4 Trustee keys" and section "4.13 Tally",
>> response is defined as "w + x × challenge mod q"
>> then A and B are computed using a division.
>>
>> It would be sensibly quicker to avoid the modular exponentiation
>> of those divisions by defining response as "w + x × challenge mod q",
>> as done in section "4.11 Signatures"
> Sorry, copy/paste error, this should read "w - x × challenge mod q"

We are aware of this optimization (you may have noticed that it is done
in other proofs), but we will not do it now because it would break
compatibility. Maybe later, when versioning of the specification is
introduced in the code, or when we decide to drop support for the
current specification. The (historical) reason it is done this way in
the first place is compatibility with Helios, but now we have completely
diverged.


Cheers,

--
Stéphane
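Added illustration (not Belenios code, and not from either poster): a toy Fiat-Shamir proof of knowledge of x for y = g^x, written in both response conventions the thread discusses. With response = w + x·challenge mod q the verifier must recompute A = g^response / y^challenge, i.e. one modular inverse per proof; with response = w − x·challenge mod q it recomputes A = g^response · y^challenge and the inverse disappears. The example also shows why the change is not a drop-in: a proof produced under one convention is rejected by the other verifier. The group (a 64-bit safe prime, found at import time), the generator g = 4, and the challenge hash inputs are assumptions made for this example; the real specification hashes more context and uses a much larger group.

```python
"""Toy Schnorr / Fiat-Shamir proof of knowledge of x with y = g^x, in the
"plus" (Helios-compatible) and "minus" (proposed) response conventions.
Illustration only: group, generator and hash inputs are assumptions."""
import hashlib


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; the fixed bases are exact for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64):
    """Constructed toy group: smallest safe prime p = 2q + 1 with q > 2^(bits-1).
    g = 4 = 2^2 is a quadratic residue, hence generates the order-q subgroup."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = make_group()


def challenge(y: int, commitment: int) -> int:
    """Fiat-Shamir challenge (assumption: hash of y and A only, reduced mod q)."""
    digest = hashlib.sha256(f"{y}|{commitment}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove_plus(x: int, w: int):
    """Prover, current convention: response = w + x * challenge mod q."""
    y, a = pow(G, x, P), pow(G, w, P)      # public key y, commitment A = g^w
    c = challenge(y, a)
    return y, (c, (w + x * c) % Q)


def verify_plus(y: int, proof) -> bool:
    """Verifier must recompute A = g^response / y^challenge: one modular inverse."""
    c, r = proof
    a = pow(G, r, P) * pow(pow(y, c, P), -1, P) % P
    return challenge(y, a) == c


def prove_minus(x: int, w: int):
    """Prover, proposed convention: response = w - x * challenge mod q."""
    y, a = pow(G, x, P), pow(G, w, P)
    c = challenge(y, a)
    return y, (c, (w - x * c) % Q)


def verify_minus(y: int, proof) -> bool:
    """Verifier recomputes A = g^response * y^challenge: no inverse needed."""
    c, r = proof
    a = pow(G, r, P) * pow(y, c, P) % P
    return challenge(y, a) == c


def compatibility_matrix(x: int, w: int) -> dict:
    """Which verifier accepts which proof; the off-diagonal entries are the
    compatibility break mentioned in the reply above."""
    y, plus = prove_plus(x, w)
    _, minus = prove_minus(x, w)
    return {
        "plus_proof/plus_verifier": verify_plus(y, plus),
        "plus_proof/minus_verifier": verify_minus(y, plus),
        "minus_proof/minus_verifier": verify_minus(y, minus),
        "minus_proof/plus_verifier": verify_plus(y, minus),
    }


if __name__ == "__main__":
    # Constructed sample secret x and nonce w (a real prover draws w at random).
    for name, ok in compatibility_matrix(x=3, w=5).items():
        print(f"{name}: {ok}")
```

Only the verifier changes between the two conventions (one `pow(..., -1, P)` versus none); the prover's cost is identical, so the saving is entirely on the verification side, which is where ballot and tally proofs are checked many times over.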





Archives managed by MHonArc 2.6.19+.
