On Fri, Dec 13, 2013 at 12:06 AM, Nicholas Hopper <hop...@cs.umn.edu> wrote: > On Fri, Nov 29, 2013 at 7:27 PM, Nick Mathewson <ni...@torproject.org> wrote: >> Appendix A. Signature scheme with key blinding [KEYBLIND] >> ... >> See [KEYBLIND-REFS] for an extensive discussion on this scheme and >> possible alternatives. I've transcribed this from a description by >> Tanja Lange at the end of the thread. [TODO: We'll want a proof for >> this.] > > A security proof for this scheme is available at: > https://www-users.cs.umn.edu/~hopper/basic-proof.pdf > (LaTeX sources at https://www-users.cs.umn.edu/~hopper/hs-identity-proof.git) > > It would be fantastic to get comments/discussion from the tor-dev > community ahead of publishing this as a Tor Project tech report. >
In a branch "ed25519_ref10" for review on ticket #12980, I've implemented something not wholly dissimilar from the approach discussed here. Please have a look at my comments and questions there to see how badly I've messed it up. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
