[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gzz-commits] manuscripts/Sigs article.rst
|
From: |
Tuomas J. Lukka |
|
Subject: |
[Gzz-commits] manuscripts/Sigs article.rst |
|
Date: |
Mon, 19 May 2003 17:35:20 -0400 |
CVSROOT: /cvsroot/gzz
Module name: manuscripts
Changes by: Tuomas J. Lukka <address@hidden> 03/05/19 17:35:20
Modified files:
Sigs : article.rst
Log message:
texttwids
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.143&tr2=1.144&r1=text&r2=text
Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.143 manuscripts/Sigs/article.rst:1.144
--- manuscripts/Sigs/article.rst:1.143 Mon May 19 17:30:34 2003
+++ manuscripts/Sigs/article.rst Mon May 19 17:35:20 2003
@@ -215,20 +215,22 @@
random oracles exist.
To our knowledge, this is has not previously been possible without
-remembering all previously signed documents or changing to a new
+remembering things about
+previously signed documents or changing to a new
private key after a given number of signatures.
Our scheme only requires the private key to be remembered; no other
state is required.
In key boosting, the choice of the tree branch `$x$` to follow at each
node is crucial to the nature of the algorithm.
-In order to be able to sign 160-bit hashes securely, we generate
+In order to be able to sign 160-bit hashes securely,
+we choose the scheme parameters and `$x$` so as to generate
a unique private key for each 160-bit hash.
-This is done by requiring that `$q^N > 2^{160}$` and choosing
+This is done by requiring that `$q^N \\ge 2^{160}$` and choosing
`$x$` based on the bits of the hash to be signed.
If we use Merkle hash trees to obtain the underlying `$q$`-time scheme
from a one-time scheme, we have for the parameters of the two algorithms
-the inequality `$ nN \ge 160 $`.
+the inequality `$ nN \\ge 160 $`.
Obtaining the minimal integral solutions of this inequality
gives us a tradeoff where the length of the signature is approximately
linear with `$N$` and the time to sign grows exponentially with `$n$`.
@@ -275,8 +277,6 @@
(explain/ref Merkle I as underlying scheme, explain calculations
using this combined scheme)
-
-- feasible
- may be practical for some applications,
but no replacement in general
- [Gzz-commits] manuscripts/Sigs article.rst, (continued)
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst,
Tuomas J. Lukka <=
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19