[Cryptography] Quillon Graph: A private, post-quantum electronic cash system

[Peter Gutmann]

iang <iang at iang.org> writes:

>The TLAs hate simple algorithms and simple protocols because they can be
>shown to work easily, proven correct etc. They love complex algorithms &
>protocols bc devs make mistakes and committees are required to add further
>complexity & mistakes to make them 'safe', as well as opportunity to distract
>by committee procedure and eventual cartelisation.

Is it that or because their cryptographers are all hardcore mathematicians and
they choose mathematically interesting stuff that works fine on a whiteboard
but fails in a million subtle ways when deployed in the real world?

As an aside, if their internal-use stuff follows the same well-it-works-fine-
on-paper design philosophy, I wonder how vulnerable the implementations are
given that they don't have access to the crowdsourced pen-testing that public
designs and implementations have?

Echoing Peter Fairbrother's comment:

>I like 1536-bit DH myself,

as long as you use FIPS 186-style parameter gen and verification (and don't do
anything pathologically bad like reusing y values) you're sorted, you don't
have to worry about a neverending parade of subtle problems and corner cases.
It just works.

Peter.