search

decentralized-identity / bbs-signature

The BBS Signature Scheme
https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html
Apache License 2.0
80 stars 26 forks source link

Length of octet strings encoding #231

Closed BasileiosKal closed 1 year ago

BasileiosKal commented 1 year ago

We currently use 8 bytes for the header/ph length (where length = # of bytes), allowing it to be up to 2^64 – 1 meaning that the header can be up to ~10^19 bytes long i.e., roughly 10000 Petabytes. This seems excessive.

Cases where even more than 32 or 64 bytes are needed can just use pre-hashing. IMO, 1 or 2 bytes (or even 3, which would allow for a header of up to 1 Mb) would be enough to encode the length of the header/ph for most applications.

8 bytes are also used for the total number of messages. I doubt anyone will need to sign 10^19 messages, however, it maybe be nice to have a practically unlimited "capacity".

Proposal

  1. Use 8 bytes for the total number of messages/indexes is fine.
  2. Use 2 bytes for the length of octet strings (i.e., header/ph).
tplooker commented 1 year ago

I think the performance benefit here is debatable and creating an inconsistency between the number of bytes pre-appended is a higher cost.

BasileiosKal commented 1 year ago

Discussed on WG call 9th of January. No consensus seemed to be achieved. Will discuss closing this issue in the next WG call.

BasileiosKal commented 1 year ago

Discussed on Wg call on the 6th of February. Since there will be no performance advantage will close to not introduce breaking changes.