I knows quantum computer breaks elliptic curve math but what about ring signature? thanks
Asked
Active
Viewed 1,086 times
1 Answers
5
"Normal" ring signatures aren't broken (meaning the true signer is revealed) by QC, but their security certainly is (unforgeability). However, the traceable version Monero uses (for double-spending prevention) is indeed able to be broken (meaning public key linked to key image and thus signer revealed) due to the existence of a key image.
Luigi
- 2,462
- 11
- 14
-
is there any good alternative for ring signatures to be 'safe' against a QC? thanks a lot – samwellj Dec 10 '16 at 04:08
-
This should maybe be its own question, but is an area of active research--not that active on Monero's part at the moment, but rather QC-resistant/proof public key algoes, which "should" work to replace ECC for ring signatures. Here is one: https://www.microsoft.com/en-us/research/project/sidh-library/ – Luigi Dec 12 '16 at 15:28