[Taler] Lattice-Based E-Cash

From: Jeff Burdges
Subject: [Taler] Lattice-Based E-Cash
Date: Fri, 18 May 2018 20:05:58 +0200

I have not actually read much of this paper, but worth mentioning its existence:

There are good odds any PRF based scheme will encounter the minor issues 
previously discussed around Oblivious PRF schemes, as mentioned in 

In this case, I think their signing primitive falls somewhere between a 
signature and a PRF, not sure, but actually obfuscating all inputs from the 
signer sounds unlikely to be information theoretically secure.  Also, I have 
not read enough to know if their zero-knowledge argument of knowledge scheme is 
information theoretically blinding.  If not for either one, then anonymity is 
technically weaker under their proposal, making it riskier if quantum computers 
are believed unlikely.  I previously highlighted this issue in 

Also, the paper does stuff like deanonymize double spenders, which we know to 
be unrealistic crypto-for-crypto in the usual payment context, but that’s 
merely unnecessary and not an obstacle.


