#Performance & Security Notes
#Complexity
| Ladder |
Sign cost (hash ops) |
Verify cost* |
Channel requirement |
| S |
N(N−1)/2 |
g × (N−g) |
Lossy/out-of-order OK |
| X |
N(N−1)/2 |
N−1 |
Strictly sequential (gap = 1) |
*Counting cryptographic operations only.
#Choosing parameters
| Target platform |
Suggested N |
originSize |
Notes |
| Constrained MCU/RFID |
4–8 |
128 bit |
Small code/data footprint |
| Browser/Mobile |
8–16 |
256 bit |
Good HW acceleration for SHA-256 |
| Desktop/Server |
16–32 |
256–512 bit |
Higher brute-force margin |
#Export formats
-
bytes — smallest, fastest; may need encoding for text channels.
-
hex — human-readable, doubles size.
-
base64 — URL/form-safe, +33% overhead.
#Security checklist
- Prefer
SHA-256/SHA-512/SHA3 family or vetted WASM implementations.
- For CDN-loaded hashers use SRI and strict CSP.
- Offload heavy signing to a Web Worker for UX smoothness.
- In X-mode, enforce reliable delivery (e.g., over TLS/WebSocket).