-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key commitment approach could be simplified? #172
Comments
@jackloomen wrote:
|
There are better alternatives than CTX: |
CTX+ is a good minor optimization. Committing Concealer is clever but unfortunately AES is not an ideal cipher. I expect that construction to remain academic. |
These recommendations in the documentation predate the papers on key commitment. They offer 64 bit security, which is enough to prevent online attacks. Most importantly, they are very simple to implement given the existing APIs. CTX+ and Committing Concealer are nice, there's another paper to be published soon that doesn't require a hash function, but these can't be implemented using libsodium. So, this is not very useful in this context. This is a hot topic right now, new generic or specific constructions are going to come out of this, and once the dust settles, dedicated APIs can be added. In the meantime, status quo looks fine. It can easily be implemented using the library the documentation is about, and there's a faster option that offers 128 bit commitment. |
@jackloomen wrote:
The text was updated successfully, but these errors were encountered: