abstract = {We propose an efficient commutative group action suitable for non-interactive key exchange in a post-quantum setting. Our construction follows the layout of the Couveignes–Rostovtsev–Stolbunov cryptosystem, but we apply it to supersingular elliptic curves defined over a large prime field Fp, rather than to ordinary elliptic curves. The Diffie–Hellman scheme resulting from the group action allows for public-key validation at very little cost, runs reasonably fast in practice, and has public keys of only 64 bytes at a conjectured AES-128 security level, matching NIST’s post-quantum security category I.},
221
+
booktitle = {Advances in Cryptology – ASIACRYPT 2018: 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2–6, 2018, Proceedings, Part III},
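Review bot: the `abstract` field added to this entry carries a curly apostrophe (`NIST’s`) and the flattened `Fp` where the paper has $\mathbb{F}_p$; standard bibliography styles never print `abstract`, so either drop the field or at least replace the non-ASCII quote with a plain `'` so the file processes cleanly under a non-UTF-8 BibTeX setup. The entry key is not visible in this hunk, so please confirm it is the DOI string `10.1007/978-3-030-03332-3_15` that the `\cite` in the future-work section relies on.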
In this section we will focus on where there is still room for improvement in the Whisk protocol.
1
3
4
+
The main modification from Curdleproofs to CAAUrdleproofs is the added flexibilty in choosing the shuffle size for Whisk.
5
+
Hence, a topic for future improvements could be proof structure modifications.
6
+
The goal of this is to improve the protocol in all cases.
7
+
Also in cases where the shuffle size is a power of two, for which Curdleproofs and CAAUrdleproofs show similar results.
8
+
As seen in Appendix~\ref{app:curdleproofs-weighted-inner-product-argument-modification-attempt}, we tried to do this using~\glspl{wipa} instead of~\glspl{ipa}.
9
+
Though, we found that there was not enough time to follow through, as it seemed that significant structural changes were needed for this change to be possible.
2
10
3
-
\section{Future work}\label{sec:future-works}
4
-
This is the future work.
11
+
12
+
Besides trying to make the proof faster, and the block overhead smaller, there are also calls for making the protocol more secure.
13
+
Specifically, work has already begun trying to make Curdleproofs post-quantum secure~\cite{pqwhisk}.
14
+
In this work, they make use of~\gls{csidh}~\cite{10.1007/978-3-030-03332-3_15}.
15
+
Isogeny-based cryptography is based on maps between elliptic curves.
16
+
Using isogenies, a hard problem comes up, namely the~\gls{gaip}.
17
+
\begin{definition}[Group Action Inverse Problem (GAIP)]
18
+
Given a curve $E$, with $End(E)=O$, find an ideal $a\subset O$ such that $E=[a]E_0$
19
+
\end{definition}
20
+
This problem somewhat resembles the discrete logarithm problem.
21
+
Hence, using this problem, an almost one to one conversion using post-quantum cryptography can be done on Whisk, as shown by Sanso~\cite{pqwhisk}.
22
+
At the moment, though, there does not exist a~\gls{nizk} proof of shuffle based on isogenies.
23
+
24
+
25
+
With Whisk, a list of upcoming proposers is still chosen and published some time before they are needed for duty.
26
+
But because upcoming proposers are published as trackers that only the chosen validator can open and prove ownership of, attacks such as~\gls{dos} attacks are a lot harder to accurately perform.
27
+
28
+
Though, as found by Heimbach et al.~and confirmed by ourselves, the execution of the~\gls{dos} attack is only half the attack~\cite{heimbach2024deanonymizingethereumvalidatorsp2p,ouroldpaper}.
29
+
Even if the blockchain is using Whisk, it is still possible for an adversary to gather and de-anonymize validator IP addresses only by running a node on the network.
30
+
A sustainable solution for this therefore needs to be found.
31
+
Though, Ethereum is a system that encourages transparency, so a possible solution should keep this in mind.
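Review bot: the GAIP definition at new line 18 uses a base curve $E_0$ that is never introduced, so the problem is underspecified as written; the standard statement (as in the cited CSIDH paper) takes two curves with the same endomorphism ring and asks for the ideal whose class maps one to the other, e.g. `Given curves $E_0$ and $E$ with $\operatorname{End}_p(E_0)=\operatorname{End}_p(E)=\mathcal{O}$, find an ideal $\mathfrak{a}\subset\mathcal{O}$ such that $E=[\mathfrak{a}]E_0$.` Note the $\mathbb{F}_p$-rational ring $\operatorname{End}_p$: for a supersingular curve the full endomorphism ring is a non-commutative quaternion order, so `$End(E)=O$` only makes sense with the rational ring, and the sentence also lacks a terminating period. The analogy at new line 20 ("somewhat resembles the discrete logarithm problem") would read less vaguely if made explicit: the action $[\mathfrak{a}]E_0$ takes the place of exponentiation $g^a$, and GAIP asks to recover the acting ideal $\mathfrak{a}$ just as DLP asks for $a$, which is what makes the near one-to-one translation claimed at new line 21 plausible. Smaller points: "flexibilty" at new line 4 should be "flexibility"; new line 8 ("Also in cases where the shuffle size is a power of two, ...") is a fragment and belongs on the end of line 7; and "an almost one to one conversion using post-quantum cryptography can be done on Whisk" at new line 21 is awkward, something like "Whisk can be translated almost one-to-one to this post-quantum setting" says the same thing more directly.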