
[Gzz-commits] manuscripts/Sigs article.rst


From: Tuomas J. Lukka
Subject: [Gzz-commits] manuscripts/Sigs article.rst
Date: Sat, 17 May 2003 07:39:00 -0400

CVSROOT:        /cvsroot/gzz
Module name:    manuscripts
Changes by:     Tuomas J. Lukka <address@hidden>        03/05/17 07:39:00

Modified files:
        Sigs           : article.rst 

Log message:
        Abstract

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.1&tr2=1.2&r1=text&r2=text

Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.1 manuscripts/Sigs/article.rst:1.2
--- manuscripts/Sigs/article.rst:1.1    Sat May 17 07:03:13 2003
+++ manuscripts/Sigs/article.rst        Sat May 17 07:39:00 2003
@@ -4,26 +4,43 @@
 
 We propose an unlimited-time digital signature scheme based
 on a one-time signature scheme and a random oracle.
-The random oracle maps a private key p0 to a pair
-of new private keys (p1,p2); the one-time signature scheme
-is used with p0 to sign the public keys corresponding to
-(p1,p2). We apply this method recursively for each bit
-in a message, with p0'=p1 if the bit is zero and p0'=p2
-if the bit is one. The resultant chain of one-time signatures
-forms our scheme's the signature of the message.
+The random oracle is used to map a private key to a 
+set of new private keys. 
+The original private key is used to sign the new 
+private keys.
+For each message, one of the new keys is chosen,
+and this process is repeated recursively for a number
+of times to obtain the final private key used to sign
+the actual message. The signature consists of
+the chain of signatures from the original public key
+to the final signature.
+
+The detailed characteristics of the algorithm are determined
+by the one-time signature scheme used,
+the number of recursion levels,
+and the algorithm for choosing which private key to use.
+
+A one-time signature algorithm can be used as the primitive
+because
+each private key is only used to sign the public keys
+corresponding to a constant number of 
+new private keys that only depend on the private key,
+not the message.
+
+Additionally, rejecting invalid signatures can be 
+significantly faster than in RSA-like systems.
+On the other hand, signing is comparatively slow
+and signatures can be large.
 
 Our scheme has applications in long-term digital publishing.
 Unlike signature schemes like RSA and DSA, it does not
 rely on number-theoretic assumptions like the hardness
 of factoring or discrete logs, areas in which substantial
 cryptoanalytical improvements continue to be made.
-As long as the random oracle isn't broken, an exhaustive
+As long as the random oracle, used to generate the new private keys
+and to implement the one-time signatures, 
+isn't broken, an exhaustive
 key search is the only way to break the scheme.
-
-Additionally, rejecting invalid signatures can be 
-significantly faster than in RSA-like systems.
-On the other hand, signing is comparatively slow
-and signatures are very large.
 
 
 Introduction
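
Review bot: The added sentence "The original private key is used to sign the new private keys" names the wrong signed object. It should be the public keys corresponding to the new private keys, as the removed text said and as the later added paragraph says ("sign the public keys corresponding to a constant number of new private keys"). A signature chain that carried private keys would disclose them. Suggested wording: "The original private key is used to sign the public keys corresponding to the new private keys." A second point on the added paragraph beginning "A one-time signature algorithm can be used as the primitive": its argument covers only keys that sign child public keys, whereas the final private key signs the actual message. The removed text tied the path to the message bits, but the new text leaves "the algorithm for choosing which private key to use" open, so the abstract should state that this choice must never lead two different messages to the same final key.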



