[Gzz-commits] manuscripts/Sigs article.rst
From: Tuomas J. Lukka
Subject: [Gzz-commits] manuscripts/Sigs article.rst
Date: Sat, 17 May 2003 15:04:02 -0400
CVSROOT: /cvsroot/gzz
Module name: manuscripts
Changes by: Tuomas J. Lukka <address@hidden> 03/05/17 15:04:02
Modified files:
Sigs : article.rst
Log message:
abs
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.48&tr2=1.49&r1=text&r2=text
Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.48 manuscripts/Sigs/article.rst:1.49
--- manuscripts/Sigs/article.rst:1.48 Sat May 17 14:52:53 2003
+++ manuscripts/Sigs/article.rst Sat May 17 15:04:02 2003
@@ -7,12 +7,14 @@
We propose an unlimited-time digital signature scheme based
on a one-time signature scheme and a random oracle.
-The random oracle is used to map a private key to a
+The random oracle is used to map a private key deterministically
+to a
set of new private keys.
-The original private key is used to sign the new
+The original private key is used (through a hash tree)
+to sign the new
private keys.
For each message, one of the new keys is chosen,
-and this process is repeated recursively for a number
+and this process is iterated for a number
of times to obtain the final private key used to sign
the actual message. The signature consists of
the chain of signatures from the original public key
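Review bot: the rewritten lines `+The original private key is used (through a hash tree)` / `+to sign the new` / `private keys.` say the original private key signs the new *private* keys, but what gets signed must be the new *public* keys (or the hash-tree root over them); private keys are never published, and signing them would disclose them. The text removed later in this same change had it right ("sign the public keys corresponding to a constant number of new private keys"), so suggest "to sign the public keys of the new private keys". The other two wording changes are fine: "deterministically" is accurate because the oracle's output is a function of its input, and "iterated" reads better than "recursively" for a fixed number of rounds.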
@@ -20,20 +22,12 @@
The detailed characteristics of the algorithm are determined
by the one-time signature scheme used,
-the number of recursion levels,
+the number of iterations,
and the algorithm for choosing which private key to use.
-A one-time signature algorithm can be used as the primitive
-because
-each private key is only used to sign the public keys
-corresponding to a constant number of
-new private keys that only depend on the private key,
-not the message.
-
-Additionally, rejecting invalid signatures can be
-significantly faster than in RSA-like systems.
-On the other hand, signing is comparatively slow
-and signatures can be large.
+On a theoretical level, our scheme allows the construction
+of a feasible algorithm with the full digital signature feature
+set without using a trapdoor function.
Our scheme has applications in long-term digital publishing.
Unlike signature schemes like RSA and DSA, it does not
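Review bot: deleting the six lines starting `-A one-time signature algorithm can be used as the primitive` removes the abstract's only justification for why a one-time scheme is enough (each private key signs a constant number of values that depend only on the key, never on the message), and the replacement `+On a theoretical level, our scheme allows the construction` does not carry that argument. Suggest keeping one sentence of it, e.g. "Each private key signs only a fixed number of key-dependent values, so a one-time scheme suffices." The new claim should also name its assumptions: "without using a trapdoor function" is correct, but the "full digital signature feature set" still rests on the random oracle and on the security of the underlying one-time scheme, so say so in the same sentence. Replacing "recursion levels" with "iterations" is consistent with the earlier wording change in the abstract.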
@@ -45,6 +39,11 @@
isn't broken, an exhaustive
key search is the only way to break the scheme.
+.. Additionally, rejecting invalid signatures can be
+ significantly faster than in RSA-like systems.
+ On the other hand, signing is comparatively slow
+ and signatures can be large.
+
Introduction
============
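Review bot: moving the performance remark into a reStructuredText comment at `+.. Additionally, rejecting invalid signatures can be` hides it from the rendered document, and "signing is comparatively slow and signatures can be large" is the main practical cost of the scheme; it belongs in a limitations or performance paragraph in the body, not in a comment, so readers are not shown only the advantages. If it stays as a comment, every continuation line must remain indented under the `..` marker, otherwise docutils ends the comment there and renders the remaining lines as an ordinary paragraph.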
@@ -287,6 +286,9 @@
- can't copy key or restore from backup!
+- any scheme mapping the *action* of signing uniquely to a number between 0
and `$q$`
+ will work.
+
Probabilistic limited
---------------------
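Review bot: the new bullet `+- any scheme mapping the *action* of signing uniquely to a number between 0` / `and `$q$`` / `+ will work.` should state whether the range is 0..q-1 or 0..q, and "uniquely" should be spelled out as "never the same number for two signing actions over the key's whole lifetime", because a repeated index reuses a one-time key. That is the same state requirement behind the preceding bullet `- can't copy key or restore from backup!`, so linking the two (the mapping must be stateful and the state must never be rolled back) would make the constraint explicit instead of leaving it implied.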
@@ -309,8 +311,15 @@
- birthday paradox again: must not allow the attacker to have
2**30 messages being signed
+- however, collisions *only* invalidate one leaf of the key tree, so
+ it *is* possible to
+ revoke only that leaf, not the whole key.
+
Applicability to Digital Publishing
===================================
+
+In long-term digital publishing, the time limits on normal digital signatures
+are
foo
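Review bot: the new bullet `+- however, collisions *only* invalidate one leaf of the key tree, so` claims one leaf can be revoked instead of the whole key, but the text does not say how a verifier learns of the revocation; a leaf revocation has to be signed by an ancestor key in the chain (or published through the same channel as the signatures), and a verifier who never sees it will still accept a forgery made with the colliding leaf, so the bullet should name the mechanism, and the "birthday paradox" bullet above still bounds how many signatures may be issued before a collision becomes likely. Separately, the added paragraph `+In long-term digital publishing, the time limits on normal digital signatures` / `+are` stops mid-sentence just before the existing placeholder `foo`; finish the sentence or mark it with a `.. TODO` comment so the placeholder is not rendered into the section, and `2**30` in the context line would read better in the `$2^{30}$` math style the file already uses for `$q$`.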