summaryrefslogtreecommitdiff
path: root/TODO
blob: 50ef4e03608b2db059807c5417ecb6a53f635a1a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Copyright (C)  2006, 2007, 2009, 2015-2019 Heiko Stamer <[email protected]>

Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.3 or any later
version published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included
in the sources of this package and additionally can be obtained from Internet
<https://www.gnu.org/licenses>.

* TMCG: reimplement the TimingAttackProtection for Schindelhauer's protocols
* RFC4880: add FindByUserid() to TMCG_OpenPGP_Keyring

* add abstraction layer for cryptographic primitives (i.e. libgcrypt calls)
* add generic group abstraction layer, e.g. for future use of ECC groups
* add constant-time implementation for modular multiplication mpz_smulm() a.o.
* add generic broadcast channel abstraction layer, e.g. AbstractBroadcastChannel

+ provide interactive and distributed (multiparty DZKP) versions for
  bootstrapping non-interactive protocols of VTMF, i.e., key generation
  (for applications that cannot rely on the random oracle assumption or
   the h-generation protocol as building block of ASTC [JL00])
+ VTMF: add interactive versions of Chaum-Pedersen PoK of dlog equality
+ DZKP also called "Simultaneous Zero-Knowledge Proofs of Knowledge" [JL00]
+ DKG, ASTC: transform protocols into variants without aiou->Send() [BH92]
+ move to event-driven architecture and state-based protocol representation
+ provide a multi-value byzantine consensus protocol for agreement purposes
+ implement asynchronous VSS [CKLS02] for DKG and other applications

- deterministic DSA for ASTC/DSS: cf. RFC 6979; maybe it's impossible for TC
- implement the exotic card and stack operations of the toolbox; there are
  some obstacles, e.g. that the prover does not know all used randomizers,
  for the subset and superset protocols; general protocols for private set
  operations (PSI) are also not useful, because they do not provide the link
  from the shuffled deck to individual set operations on private cards