Replying to Avatar ( -_-)

That the discrete logarithm problem is hard. All elliptic curve cryptography assumes this without proof.
Avatar
Adarnit 2y ago

The difficulty of the problem is variable. Some variants of the problem are trivial to solve, while others can be proven to have a higher computational complexity. It is precisely those cyclical elliptical curve subgroups are chosen for public key cryptography.

And the reason discrete logs are chosen for cryptography is because the inverse function is trivial and therefore the elliptical curve subgroups have an asymmetric property of easy to verify, hard to solve.

That is why it is easy to verify a Nostr post is legitimate with a public key, but near impossible to guess a private key with just the public key.

And since you can mathematically prove the average computational complexity of the EC groups, you don't have to assume that the discrete log problems in cryptographic systems are difficult.

Reply to this note

Please Login to reply.

Discussion

Avatar
( -_-) 2y ago

Are you replying with a chatbot answer? This isn't something that's debatable. It's a fundamental assumption in bitcoin that you can't efficiently compute a private key if given the corresponding public key. There is no mathematical proof for this.

Avatar
Adarnit 2y ago

I'm not replying with a chat bot answer, I just happen to know this stuff. Didn't mean to geek out on you like that!

What I'm trying to say is that there is a way to mathematically prove the computational complexity of a mathematical problem, so we don't have to assume that discrete logs with EC is difficult because we can prove that it is so computationally intensive that it takes way too long to crack in a reasonable time frame.

Avatar
( -_-) 2y ago

That's only proving that it's hard for the most efficient classical algorithm we currently know of. It hasn't been proved *for any/all* algorithms.

Avatar
Adarnit 2y ago

I can agree on that! Especially later down the line, when quantum computing ever becomes a thing, all of these algorithms will have time complexities that are child's play for a quantum machine. Satoshi even warned about having to upgrade one day when SHA-256 is rendered useless.

Avatar
BitcoinOldGuy 2y ago

Allow me to add Giacomo Zucco talking about just this. https://youtu.be/U3Y5Cab1nlA

Avatar
BitcoinOldGuy 2y ago

#[6]