The cryptographic primitives used by "derohe" are not documented, but based on the source code, the implementation seems to be using a pairing-friendly Barreto-Naehrig-type elliptic curve with a field size of 256 bits.
These curves do not actually provide 128 bits of security. Their security is currently estimated to be just below 100 bits due to new attacks that were published in 2016 (see references below).
There is a comment in the code noting this fact, but I think it should be stated explicitly in the readme that the users of Dero should only expect ~100 bits of security for their funds.
The cryptographic primitives used by "derohe" are not documented, but based on the source code, the implementation seems to be using a pairing-friendly Barreto-Naehrig-type elliptic curve with a field size of 256 bits.
These curves do not actually provide 128 bits of security. Their security is currently estimated to be just below 100 bits due to new attacks that were published in 2016 (see references below).
There is a comment in the code noting this fact, but I think it should be stated explicitly in the readme that the users of Dero should only expect ~100 bits of security for their funds.
References: https://moderncrypto.org/mail-archive/curves/2016/000740.html https://eprint.iacr.org/2017/334.pdf (chapter 5.2) https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-00#section-4