[Gzz-commits] manuscripts/Sigs article.rst

[Benja Fallenstein]

CVSROOT:        /cvsroot/gzz
Module name:    manuscripts
Changes by:     Benja Fallenstein <address@hidden>      03/05/17 13:59:55

Modified files:
        Sigs           : article.rst 

Log message:
        instead of parameters k and N, use N, and require a k-time signature 
scheme

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.35&tr2=1.36&r1=text&r2=text

Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.35 manuscripts/Sigs/article.rst:1.36
--- manuscripts/Sigs/article.rst:1.35   Sat May 17 13:55:04 2003
+++ manuscripts/Sigs/article.rst        Sat May 17 13:59:55 2003
@@ -124,7 +124,7 @@
 One-time Signature Key Boosting
 ===============================
 
-This scheme is based on two primitives: 1) A one-time-signature
+This scheme is based on two primitives: 1) A `$k$`-time-signature
 algorithm which takes a random number as its private key, and 
 2) a random oracle which generates an apparently random
 bitstring from a given number.
@@ -136,26 +136,26 @@
 
 To generate a signature for the message $m$, 
 we start by setting `$p$` to the
-private key and `$i$` to `$0$`.
+private key.
 Then, we iterate over the following steps `$N$` times:
 
-1. Use the random oracle to generate `$k$` new private keys
-   `$p_j$`
-   from `$p$`.
+1. Choose `$x \\in [1,k]$`. The exact algorithm for making this
+   choice parametrizes the algorithm; possible choices are discussed
+   below.
+
+2. Use the random oracle to generate the `$x$th` new private key
+   `$p_x$` from `$p$`.
 
-2. Sign the corresponding public keys with `$p$`. This does
+2. Sign the corresponding public key with `$p$`. This does
    not present
-   a problem for the one-time signature algorithm, since
+   a problem for the `$k$`-time signature algorithm, since
    the random oracle is deterministic and
-   the string to be signed is thus always the same for a given `$p$`.
-
-3. Choose `$x \\in [1,k]$`. The exact algorithm for making this
-   choice parametrizes the algorithm; possible choices are discussed
-   below.
+   no more than `$k$` strings will therefore be signed
+   with any given `$p$`.
 
 4.  `$p \\leftarrow p_x$`
 
-After the iteration, `$p$` contains the private key to be used to sign
+After the last iteration, `$p$` contains the private key to be used to sign
 the actual message $m$ using the one-time-signature primitive.
 The signature consists of this signature and the whole chain
 of signatures connecting this to the original public key.