512 bit wouldn't help against quantum; the problem is that Shor's algo is not exponential in that parameter, it's polynomial, so it basically doesn't help.

Meanwhile we're at about 128 bit security (think birthday) w/ 256 bit curves, at least as far as anyone knows. Shifting to 512->256 bit security is obviously "better", but otoh nobody seriously considers anything above 90 bits attackable (and remember that scale is exponential!)

Discussion

Thankfully Shor’s Algo has been developed on top of what I’d call “Fiat Physics”.

Schnorr, not Shor. I don’t know much about Shor, other than it’s regularly name-dropped to instill fear into the fiat followers.

Haha agreed! Paying attention to Shor is a literal waste of mental compute once you see the theory is built upon a laundry list of nonsense and unobservable physics.

Schnorr > Shor

Good to know. I am also concluding that zero knowledge proofs are a waste of time for the purported benefits they give you.

👀 I’m not a cryptographer, but I’ll listen intently to those who reject the “quantum threat”.