There are various groupish signature systems (including DAA and BBS[1]) that wou... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		agl on Jan 1, 2019 \| parent \| context \| favorite \| on: Zero-knowledge attestation There are various groupish signature systems (including DAA and BBS[1]) that would probably be a better answer here, _if you controlled the signers_. But, in this context, the devices have shipped and they do P-256 ECDSA. So the question then becomes, what _can_ we do without being able to change the signers? Can we plausibly retrofit something onto them? [1] http://crypto.stanford.edu/~dabo/papers/groupsigs.pdf

ecesena on Jan 2, 2019 [–]

I see, thank you for the clarification. I was just surprised to read it takes several seconds on a 4GHz cpu. For example the chip we’re using in Solo is a STM32 at 80MHz so it’s prob impractical (But in fairness I don’t have numbers on DAA either.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact