From: Ondřej Vejpustek
To: Gregory Maxwell
Cc: Bitcoin Dev
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
Date: Tue, 23 Jan 2018 14:54:48 +0100

> Yes, this scheme.
> https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217

In addition to the scheme, I found out that Makwa (https://www.bolet.org/makwa/), a hashing function which received special recognition in the Password Hashing Competition, supports delegation. In fact, Makwa is similar to the suggested scheme.

Unfortunately, both schemes have two drawbacks:

(1) There is no proof that the host computes what he's supposed to do.
(2) The delegation is far slower than the normal computation. According to the Makwa paper (https://www.bolet.org/makwa/makwa-spec-20150422.pdf) the delegation is typically 100 to 1000 times slower.

So I see little advantage in delegating.

I doubt there is a scheme that suits our needs.