[Gzz-commits] manuscripts/Sigs article.rst

[Tuomas J. Lukka]

CVSROOT:        /cvsroot/gzz
Module name:    manuscripts
Changes by:     Tuomas J. Lukka <address@hidden>        03/05/17 08:34:59

Modified files:
        Sigs           : article.rst 

Log message:
        algmore

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.8&tr2=1.9&r1=text&r2=text

Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.8 manuscripts/Sigs/article.rst:1.9
--- manuscripts/Sigs/article.rst:1.8    Sat May 17 08:28:57 2003
+++ manuscripts/Sigs/article.rst        Sat May 17 08:34:59 2003
@@ -134,10 +134,6 @@
 and the public key is the corresponding one-time-signature 
 public key.
 
-
-Signing
--------
-
 To generate a signature for the message $m$, 
 we start by setting `$p$` to the
 private key and `$i$` to `$0$`.
@@ -159,31 +155,36 @@
 
 4.  `$p \leftarrow p_x$`
 
-After the iteration, `$p$`
-
-Verification
-------------
-
-The scheme presented in this section XXX
-
-We assume a one-time signature scheme which uses
-a (pseudo)random number as its private key.
-If *p* is a private key, let *pub(p)* be
-the public key corresponding to it. For a message m, let
-*sign(p,m)* be the signature of *m* with private key *p*.
-Let *verify(pub(p),m,s)* be true for a signature *s*
-if *sign(p,m)=s*. Assume the above only if *sign(p,m)*
-is not publicized for more than one *m*.
-
-Further, let *R* be a random oracle which
-deterministically maps a private key 
-to a pair of other private keys.
-
-To generate a private/public key pair in our scheme,
-generate a random number *p* as the private key
-and use *pub(p)* as the public key.
+After the iteration, `$p$` contains the private key to be used to sign
+the actual message $m$ using the one-time-signature primitive.
+The signature consists of this signature and the whole chain
+of signatures connecting this to the original public key.
+
+To verify a signature, the verifier only needs to traverse the
+chain of signatures
+
+As long as the algorithm for choosing `$x$` does not yield the same
+chain for two messages, the signatures XXX
+The effects of this algorithm and the parameters `$k$` and `$N$`
+are analyzed in the next section.
+
+
+..  If *p* is a private key, let *pub(p)* be
+    the public key corresponding to it. For a message m, let
+    *sign(p,m)* be the signature of *m* with private key *p*.
+    Let *verify(pub(p),m,s)* be true for a signature *s*
+    if *sign(p,m)=s*. Assume the above only if *sign(p,m)*
+    is not publicized for more than one *m*.
+
+    Further, let *R* be a random oracle which
+    deterministically maps a private key 
+    to a pair of other private keys.
+
+    To generate a private/public key pair in our scheme,
+    generate a random number *p* as the private key
+    and use *pub(p)* as the public key.
 
-To sign a *b*-bit message *m*, 
+    To sign a *b*-bit message *m*, 
 
 Analysis
 ========