From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 584B6E6A for ; Tue, 23 Jan 2018 01:05:46 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ua0-f179.google.com (mail-ua0-f179.google.com [209.85.217.179]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EC533134 for ; Tue, 23 Jan 2018 01:05:45 +0000 (UTC) Received: by mail-ua0-f179.google.com with SMTP id n2so7198468uak.9 for ; Mon, 22 Jan 2018 17:05:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=; b=nXnFKO4VX2SY6Etgeik5RMZ3qOrtsD5SQHf362G8UiF8fYfP4ONF/bDurFkQrwlJ3V /jtqPJI1Cvg8t2eWCMWCPPyQhiQgL7HwfoLrzIBYR9wPgL0OijHLcKlUY2YWMbJE0rNL 0yP/VJdk/qCNA1DGE+wImq7MU/sbrRvytxD7SABIRBNKrp2tWn7dNkGO1FzaUrEDbjVn fEQpshZniXopNWV/c2veh+3FfWp49x2iVxqs+Fioa0SFYKIZceTGzjg+LqtyQkcit3Gd MLYdl2vZmlh/StFXXAdesSQQUbApsrtrL2ZHIFKUQmm/6OS6aWazTPem41N/ACQMDrYd zmLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=mD8Vg5f1vuK4brTzIZVx3Txlzacn+OZxvjnAh5odwTw=; b=VfXTMztCijEynzTapogvXVVzPerUFnBbLcrfjLsu7axqRjNupur40QCCBGjQgAeLce e00U6iYSbAIUgRrHlWm5HFrL0ZyYKU3n+WfBWObUm4i1JMpkp/vVLm/FjhVXlaCPr2bH 0THr3KwezxDCIH5ZI8Jl1gqxwB4mm0Ex8VEdoq+eV0od+Iwfh/iFQUKUi3Y+Z04Q5vdj RUfu+oo2BuXO6/wymEc+I2qglIKW64jXU4MDAEnkLvIpModuI97aimLAHRpXqdmWp55u ZXAC2ttDxQCQcyoGUFRJX89DMSShE9x4CQ7MHVrkNE3dzS0yVXp78UbNsangLlkp4ZEB 131g== X-Gm-Message-State: AKwxytcy9sUQsm8X3TML4R4vfyLN4nB6w9Z2psyQsvitKTNXrzGcNUbw HGFqdPw7Hecu0oCdnGdkTJnvp7KgvcusBuqLSBQ= X-Google-Smtp-Source: AH8x224mDk55RUdw3YIxa6LwiBDJhZCndZLf4PIueXw6SAjLRWXi1+kmXIKwNOjnJ8AogvRVKYtbHeEDeKts0FqNVvs= X-Received: by 10.176.91.135 with SMTP id y7mr647192uae.46.1516669545111; Mon, 22 Jan 2018 17:05:45 -0800 (PST) MIME-Version: 1.0 Sender: gmaxwell@gmail.com Received: by 10.103.78.155 with HTTP; Mon, 22 Jan 2018 17:05:44 -0800 (PST) In-Reply-To: References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com> <4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com> From: Gregory Maxwell Date: Tue, 23 Jan 2018 01:05:44 +0000 X-Google-Sender-Auth: Hiqv_vqFNNZ9VfFgB6nW4l-55qw Message-ID: To: "Russell O'Connor" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 23 Jan 2018 01:36:32 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jan 2018 01:05:46 -0000 On Mon, Jan 22, 2018 at 7:21 PM, Russell O'Connor wrote: > At this point, is it better just to use GF(2^256+n)? Is GF(2^256+n) going > to be that much slower than GF(2^8) that we care to make things this > complicated? (I honestly don't know the answer.) I expect it would be especially since operations must be implemented in sidechannel resistant manners. Also, binary extension fields are doing to have linear subgroup properties where leaking part of elements wouldn't be good. Not as obviously broken as the example I gave above, but still in the domain of "get chunks of a lot of a supra threshold set of shares, and setup a latices basis problem that can provide an efficient subspace to search".