I agree, multisignatures seem prudent. So does multiple public key encryption algorithms for symmetric key exchange. Why risk a breakthrough against one?
Cheers, William -----Original Message----- From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of Peter Todd Sent: Friday, January 03, 2014 4:05 PM To: coderman Cc: cpunks; Discussion of cryptography and related Subject: Re: [cryptography] pie in sky suites - long lived public key pairs for persistent identity On Fri, Jan 03, 2014 at 11:42:47AM -0800, coderman wrote: > use case is long term (decade+) identity rather than privacy or > session authorization. > > eternity key signs working keys tuned for speed with limited secret > life span (month+). working keys are used for secret exchange and any > other temporal purpose. > > you may use any algorithms desired; what do you pick? > > > Curve3617+NTRU eternity key > Curve25519 working keys > ChaCha20+Poly1305-AES for sym./mac Why can we only pick one? In the context of stuff like email the overhead of n-of-m multisignature isn't a big deal. Heck, even in the context of Bitcoin where transactions have a cost per KB in the order of $0.10 to $1 n-of-m multisignature is catching on as a way to protect funds from theft. Why should digital signatures be any different? -- 'peter'[:-1]@petertodd.org 000000000000000251d8c6bb4f73d2f68e359fe143dfd3645374a4d26d09388c _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography