[Cryptography] Blockchain without proof of work

Phillip Hallam-Baker phill at hallambaker.com
Sun Jan 13 23:31:51 EST 2019


On Sun, Jan 13, 2019 at 8:46 PM Patrick Chkoreff <pc at fexl.com> wrote:

> Ángel wrote on 1/11/19 6:57 PM:
>
> > I am a bit worried by the truncation part. The fact that a hash function
> > is collision-resistant does NOT mean that the first N-bits (in your case
> > 25) are as collision resistant as the whole hash.
> > Thus, you may find for instance that a SHA2 truncated to 128 bits is
> > actually suffering more collisions than a "weaker" MD5.
>
> That I don't understand.  If taking the first 128 bits of SHA-512 is
> less collision-resistant than some other 128 bit hash, wouldn't that
> indicate a serious flaw in SHA-512?
>

It certainly would and moreover, that is exactly what is done in HKDF and
other key derivation functions.

Nor is collision resistance the consideration here. If I am using the
digest to authenticate a public key pair, the work factor of interest is
how many keys do I have to generate before I can impersonate someone
(anyone at all). Which for a 25 character UDF and a user base of a billion
keys is approx 2^117/2^30 = 2^87. Which indicates that we should move to
150 character fingerprints as the user base grows or use key compression to
increase the work factor.

On Fri, Jan 11, 2019 at 9:02 PM Ángel <angel at crypto.16bits.net> wrote:

> You will probably think this is a very gross solution, but my initial
> idea for the stated problem was that you simply obtained (e.g. with Let's
> Encrypt, but you can pay for it, too) HTTPS certificates for:
>
> KD25H-GSNE2-JVVJE-RXTMA-7VAWT.villain1of3.20190101prediction.hallambaker.com
> KCOO3-EKPAG-FKYFC-O2B2N-O3UUA.villain2of3.20190101prediction.hallambaker.com
> KBR3A-RQLV7-SMB6X-6OB7X-JMBNT.villain3of3.20190101prediction.hallambaker.com
>


No, I like that better than anything to do with blockchain.
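
The multi-target estimate in the message above (2^117/2^30 = 2^87), as an added example that is not part of the original post: it measures, at toy scale, how many keys must be generated before a truncated SHA-512 fingerprint matches any one of a population of fingerprints. The function names, the 16-bit truncation and the 64 constructed target keys are assumptions for illustration, and `fingerprint` is a simplified stand-in, not the UDF encoding.

```python
import hashlib
import random


def fingerprint(key: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-512(key); a simplified stand-in for a
    truncated-digest fingerprint, not the actual UDF encoding."""
    digest = int.from_bytes(hashlib.sha512(key).digest(), "big")
    return digest >> (512 - bits)


def work_factor_log2(digest_bits: int, users_log2: int) -> int:
    """log2 of the expected number of key generations needed to match
    any one of 2**users_log2 published fingerprints."""
    return digest_bits - users_log2


def random_key(rng: random.Random) -> bytes:
    """Constructed 16-byte value standing in for a freshly generated public key."""
    return rng.getrandbits(128).to_bytes(16, "big")


def trials_to_hit_any(targets: set, bits: int, rng: random.Random) -> int:
    """Generate candidate keys until one fingerprint matches any target."""
    trials = 0
    while True:
        trials += 1
        if fingerprint(random_key(rng), bits) in targets:
            return trials


def mean_trials(bits: int, users: int, runs: int, seed: int = 1) -> float:
    """Average trial count over `runs` searches against one fixed population."""
    rng = random.Random(seed)  # seeded so the experiment is repeatable
    targets = {fingerprint(random_key(rng), bits) for _ in range(users)}
    return sum(trials_to_hit_any(targets, bits, rng) for _ in range(runs)) / runs


if __name__ == "__main__":
    # Figures from the message: 117 digest bits, 2^30 users.
    print("25-character fingerprint, 2^30 users: 2^%d" % work_factor_log2(117, 30))
    bits, users = 16, 64  # toy sizes so the search finishes in seconds
    print("predicted mean trials:", 2**bits // users)
    print("measured mean trials: ", round(mean_trials(bits, users, 300)))
```

The measured mean sits near 2^16/64 = 1024 rather than 2^16, which is the division by the user base that the message applies to the 25-character case.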