From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ondrej.vejpustek@satoshilabs.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 2CF6D1024
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jan 2018 13:55:58 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail.sldev.cz (mail.sldev.cz [51.254.7.247])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 13DFB2C3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jan 2018 13:55:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.sldev.cz (Postfix) with ESMTP id 5163DEB4F;
	Tue, 23 Jan 2018 14:21:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.sldev.cz
Received: from mail.sldev.cz ([127.0.0.1])
	by localhost (mail.sl [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id oSNWxNLIRVXR; Tue, 23 Jan 2018 14:21:44 +0000 (UTC)
Received: from localhost.localdomain (unknown [10.8.8.156])
	by mail.sldev.cz (Postfix) with ESMTPSA id BDB25EB43;
	Tue, 23 Jan 2018 14:21:44 +0000 (UTC)
From: =?UTF-8?Q?Ond=c5=99ej_Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
To: Gregory Maxwell <greg@xiph.org>
References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com>
	<CAAS2fgRQk4EUp6FO2f+RkJpDTyZX0N4=uGp7ZF=0aUchZX8hSA@mail.gmail.com>
	<4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com>
	<CAAS2fgSw0mAQPJ-ai-3kFr7pWXd7pjbrEoXN4r6Ak3o4c8_vjw@mail.gmail.com>
	<d6eb0fc3-d729-30cb-986b-b1d7b8aacbd6@satoshilabs.com>
	<CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
Message-ID: <bf402c77-cfdd-f38d-43a9-23f1c3273b9d@satoshilabs.com>
Date: Tue, 23 Jan 2018 14:54:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 23 Jan 2018 14:06:12 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2018 13:55:58 -0000

> Yes, this scheme.
> https://bitcointalk.org/index.php?topic=311000.msg3342217#msg3342217

In addition to the scheme, I found out, that Makwa
(https://www.bolet.org/makwa/), a hashing function which received a
special recognition in the Password Hashing Competition, supports a
delegation. In fact, Makwa is similar to the suggested scheme.

Unfortunately, both schemes have two drawbacks:
  (1) There is no proof that the host computes what he's suppose to do.
  (2) The delegation is far more slower than the normal computation.
According to the Makwa paper
(https://www.bolet.org/makwa/makwa-spec-20150422.pdf) the delegation is
typically 100 to 1000 slower. So I see little advantage in delegating.

I doubt there is a scheme that suits our needs.