gzz-commits

[Gzz-commits] manuscripts/Sigs article.rst


From: Tuomas J. Lukka
Subject: [Gzz-commits] manuscripts/Sigs article.rst
Date: Mon, 19 May 2003 14:48:17 -0400

CVSROOT:        /cvsroot/gzz
Module name:    manuscripts
Changes by:     Tuomas J. Lukka <address@hidden>        03/05/19 14:48:17

Modified files:
        Sigs           : article.rst 

Log message:
        conclpoints

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.120&tr2=1.121&r1=text&r2=text

Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.120 manuscripts/Sigs/article.rst:1.121
--- manuscripts/Sigs/article.rst:1.120  Mon May 19 14:35:30 2003
+++ manuscripts/Sigs/article.rst        Mon May 19 14:48:17 2003
@@ -2,19 +2,10 @@
 One-time Signature Key Boosting: Full Digital Signature Feature Set without 
Trapdoor Functions
 
==============================================================================================
 
-..  Benja: I'm restarting the writing.
-
-    We *don't* need to review all existing schemes, since I figured
-    our combination with merkle hashes still is a *linear* operation
-    from source to target characteristics. We'll get off much lighter
-    without reviewing, no need to search too much for optimums &c.
-
-    I'm sure the referees will tell us if we should review them...
-
 Abstract:
 
 - recursive application of one-time signature to sign
-  nodes along a single branch of a tree of 
+  nodes along a single path through a virtual tree of 
   new pubkeys corresponding to privkeys
   deterministically
   generated by random oracle from the tree node
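Review bot: "single path through a virtual tree" is clearer than "single branch of a tree", since the nodes are never materialised, but this is the first use of "virtual tree" in the abstract and nothing in the hunk says what makes it virtual; one clause such as "a tree whose nodes exist only as outputs of the random oracle" would close that gap. Deleting the planning note also removes the only record of the decision not to review existing one-time-signature and Merkle-hash schemes; that decision belongs in a related-work paragraph rather than disappearing with the comment.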
@@ -25,8 +16,7 @@
 
 - good
 
-  - existentially unforgeable in adaptive chosen message attack, 
-    even if underlying one-time-signature algorithm isn't
+  - existentially unforgeable in adaptive chosen message attack
 
   - We believe that as long as the random oracle, 
     used to generate the new private keys
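Review bot: dropping "even if underlying one-time-signature algorithm isn't" is the right retreat, since the security of the recursive construction rests on the one-time primitive, but the remaining bullet now reads as an unconditional claim while the bullet right after it begins "We believe that as long as the random oracle ...". Suggest folding the assumptions into the claim itself, e.g. "existentially unforgeable under adaptive chosen message attack, assuming the underlying one-time signature is unforgeable and the random oracle used to generate the new private keys ...", so that a reader who quotes the first bullet alone does not overstate the result.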
@@ -315,13 +305,44 @@
 Conclusion
 ==========
 
-- key idea: using the deterministic bit string for each privkey
+- presented a new signature scheme with several benefits
+
+  - no trapdoor funcs
+
+  - This scheme is existentially
+    unforgeable with an adaptive chosen message attack.
+
+  - no state beyond the private key: no need to keep track
+    of signed documents &c.
+
+  - no need for expiration of key or signature
+
+- application in long-term digital publishing, 
+  the time limits on normal digital signatures
+  are inconvenient
+
+- downsides 
+
+  - signatures relatively large and signing and
+    verifying relatively slow
+
+    - considerable improvements 
+      probably possible
+
+  - naturally not foolproof: e.g. hashes *do* get broken, REF
+
+- key idea: using the deterministic random oracle
+  to create a huge virtual tree of private keys,
+
+  - in one instance `$2^{160}$`, enough to have a separate private
+    key for each value to be signed.
+
+- also probabilistic, faster versions, which can be made
+  to work if only a predetermined number of documents is ever signed
+  with a key. 
+
+
 
-In long-term digital publishing, the time limits on normal digital signatures
-are 
 
-- we expect our methods to be improved on considerably; we have shown it is 
*feasible*,
-  now someone needs to show it's *practical*
 
-- hashes *do* get broken, REF
 
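Review bot: the "no need for expiration of key or signature" bullet conflicts with the "hashes *do* get broken, REF" downside a few lines later: once the hash underlying the one-time signatures is broken, signatures made with it can no longer be trusted, so the scheme avoids expiration only relative to the key-lifetime limits of trapdoor-based schemes, not absolutely. Suggest qualifying it, e.g. "no need for expiration of key or signature beyond the lifetime of the hash function". Two related points: the unforgeability bullet is stated unconditionally here but hedged in the abstract ("We believe that as long as the random oracle ..."), so both places should carry the same assumption; and the "REF" placeholder was carried over from the deleted line and still needs a citation. Finally, the probabilistic versions bullet ("only a predetermined number of documents is ever signed with a key") implies counting how many signatures a key has issued, which sits uneasily with "no state beyond the private key"; say explicitly that statelessness applies to the full `$2^{160}$` virtual-tree variant.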



