You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The cryptographic primitives used by "derohe" are not documented, but based on the source code, the implementation seems to be using a pairing-friendly Barreto-Naehrig-type elliptic curve with a field size of 256 bits.
These curves do not actually provide 128 bits of security. Their security is currently estimated to be just below 100 bits due to new attacks that were published in 2016 (see references below).
There is a comment in the code noting this fact, but I think it should be stated explicitly in the readme that the users of Dero should only expect ~100 bits of security for their funds.
The cryptographic primitives used by "derohe" are not documented, but based on the source code, the implementation seems to be using a pairing-friendly Barreto-Naehrig-type elliptic curve with a field size of 256 bits.
These curves do not actually provide 128 bits of security. Their security is currently estimated to be just below 100 bits due to new attacks that were published in 2016 (see references below).
There is a comment in the code noting this fact, but I think it should be stated explicitly in the readme that the users of Dero should only expect ~100 bits of security for their funds.
References:
https://moderncrypto.org/mail-archive/curves/2016/000740.html
https://eprint.iacr.org/2017/334.pdf (chapter 5.2)
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-00#section-4
The text was updated successfully, but these errors were encountered: