- From: Tony Arcieri <bascule@gmail.com>
- Date: Fri, 24 Mar 2017 15:11:05 -0700
- To: Kim Hamilton <kimdhamilton@gmail.com>
- Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
Received on Friday, 24 March 2017 22:11:58 UTC

I'm sorry if this is a sidebar in this issue, but is there a particular reason why you're using Koblitz signatures and, perhaps more concerning, why you're using ECDSA?

The CFRG has selected Ed25519 (RFC 8032) as the next-generation high security curve. If performance is the concern, more modern alternatives like FourQ will exceed e.g. secp256k1's performance. The only reason to choose secp256k1 (I assume?) today is compatibility with Bitcoin.

But that's less concerning than this: New protocols should NOT be using ECDSA. ECDSA has repeatedly failed in practice, has many failure modes modern signature schemes are not vulnerable to, and now that the Schnorr patents have expired is completely obsolete.

--
Tony Arcieri