[Gzz-commits] manuscripts/Sigs article.rst


From: Tuomas J. Lukka
Subject: [Gzz-commits] manuscripts/Sigs article.rst
Date: Mon, 19 May 2003 14:56:07 -0400

CVSROOT:        /cvsroot/gzz
Module name:    manuscripts
Changes by:     Tuomas J. Lukka <address@hidden>        03/05/19 14:56:07

Modified files:
        Sigs           : article.rst 

Log message:
        someabs

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.121&tr2=1.122&r1=text&r2=text

Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.121 manuscripts/Sigs/article.rst:1.122
--- manuscripts/Sigs/article.rst:1.121  Mon May 19 14:48:17 2003
+++ manuscripts/Sigs/article.rst        Mon May 19 14:56:07 2003
@@ -4,31 +4,29 @@
 
 Abstract:
 
-- recursive application of one-time signature to sign
-  nodes along a single path through a virtual tree of 
-  new pubkeys corresponding to privkeys
-  deterministically
-  generated by random oracle from the tree node
-
-- In conjunction with Merkle hash trees, used to generate
-  a family of trade-offed schemes whose time and space characteristics
-  depend linearly on the underlying one-time sig schemes'.
-
-- good
-
-  - existentially unforgeable in adaptive chosen message attack
-
-  - We believe that as long as the random oracle, 
-    used to generate the new private keys
-    and to implement the one-time signatures, 
-    isn't broken, an exhaustive
-    key search is the only way to break the scheme.
-
-  - (however, we don't give full security analysis)
-
-  - unlimited time
-
-  - hash function strength, no trapdoor function required
+We propose an new digital signature scheme based on
+recursive application of an underlying
+one-time signature scheme to sign
+nodes along a single path through a virtual tree of 
+keys deterministically
+generated by random oracle from the parent private keys.
+In conjunction with Merkle hash trees, our scheme
+is used to generate
+a family of schemes with a tradeoff between
+time and space characteristics, which for all separate values
+of the tradeoff parameter
+depend linearly on the characteristics 
+of the underlying one-time signature scheme.
+
+Our scheme has several advantages:
+signatures are   
+existentially unforgeable in adaptive chosen message attack.
+Because the security of the scheme is based only on 
+one-way functions and a random oracle, i.e. 
+no trapdoor functions are used, 
+the keys and signatures remain valid 
+for an 
+unlimited time.
 
 - instance: 
 
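Review bot: The rewritten abstract states "signatures are existentially unforgeable in adaptive chosen message attack" as an unqualified fact, while the removed bullet "(however, we don't give full security analysis)" has no counterpart in the new paragraphs. Suggest qualifying the claim in the sentence itself, for example by saying it holds under the random oracle assumption and is argued rather than fully proven. The closing sentence "the keys and signatures remain valid for an unlimited time" is similarly absolute, although a later bullet in the same file says "hashes *do* get broken"; wording it as independence from trapdoor assumptions would be easier to defend. The key derivation also changed from "from the tree node" to "from the parent private keys", so please confirm this matches the construction in the body. Minor: "an new" should be "a new", and there is trailing whitespace after "signatures are".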
@@ -46,6 +44,14 @@
 
 - we discuss applications
 
+..  we believe that as long as the random oracle, 
+    used to generate the new private keys
+    and to implement the one-time signatures, 
+    isn't broken, an exhaustive
+    key search is the only way to break the scheme.
+
+    - (however, we don't give full security analysis)
+
 Introduction
 ============
 
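Review bot: The added block opens with "..", which reStructuredText treats as a comment, so both the belief that exhaustive key search is the only way to break the scheme and the caveat "(however, we don't give full security analysis)" disappear from the rendered manuscript. If the caveat is only parked here, add a short marker in the comment saying where it will be restored; otherwise keep the "we don't give full security analysis" statement visible, either in the abstract next to the unforgeability claim or in the security discussion. The comment also sits between the outline bullets and the "Introduction" heading, where it is easy to lose in later edits.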
@@ -327,7 +333,7 @@
     verifying relatively slow
 
     - considerable improvements 
-      probably possible
+      may be possible
 
   - naturally not foolproof: e.g. hashes *do* get broken, REF
 
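Review bot: Changing "probably possible" to "may be possible" under "verifying relatively slow" softens the hedge but still gives the reader nothing to evaluate. Suggest naming the kind of improvement in mind or dropping the bullet until there is something concrete to say. The "REF" placeholder in the following context line also still needs a real citation before the claim that hashes get broken can stand.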



