[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gzz-commits] manuscripts/Sigs article.rst
|
From: |
Tuomas J. Lukka |
|
Subject: |
[Gzz-commits] manuscripts/Sigs article.rst |
|
Date: |
Tue, 20 May 2003 05:30:56 -0400 |
CVSROOT: /cvsroot/gzz
Module name: manuscripts
Changes by: Tuomas J. Lukka <address@hidden> 03/05/20 05:30:56
Modified files:
Sigs : article.rst
Log message:
jvkcomm
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.157&tr2=1.158&r1=text&r2=text
Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.157 manuscripts/Sigs/article.rst:1.158
--- manuscripts/Sigs/article.rst:1.157 Mon May 19 20:18:02 2003
+++ manuscripts/Sigs/article.rst Tue May 20 05:30:56 2003
@@ -131,7 +131,7 @@
Other choices such as BiBa [perrig01biba]_
are possible, but not evaluated in this article.
-The private key for this scheme is a random number
+The private key for the key boosted scheme is a random number
from which a private key for the underlying
one-time-signature primitive can be generated
using the random oracle.
@@ -205,7 +205,7 @@
is not based on complexity of inverting trapdoor functions;
it requires only a hash function in the random oracle model.
-To our knowledge, this is has not previously been possible without
+To our knowledge, this has not previously been possible without
remembering things about
previously signed documents and changing to a new
private key after a given number of signatures.
@@ -222,7 +222,8 @@
If we use Merkle hash trees to obtain the underlying `$q$`-time scheme
from a one-time scheme, we have for the parameters of the two algorithms
-the inequality `$ nN \\ge 160 $`.
+the inequality `$ nN \\ge 160 $`, where `$n$` is the depth of
+the Merkle hash tree.
Obtaining the minimal integral solutions of this inequality
gives us a tradeoff where the length of the signature is approximately
@@ -431,12 +432,12 @@
hash functions may be found. Also, while
all digital
signatures in practice do depend on a hash function for
-long messages, our demands for are stricter: the hash
+long messages, our demands for it are stricter: the hash
function must also be a random oracle.
-We believe that as long as the random oracle,
+We believe that as long as the random oracle
used to generate the new private keys
-and to implement the one-time signatures,
+and to implement the one-time signatures
isn't broken, an exhaustive
key search is the only way to break the scheme.
At the very least, this scheme is
- [Gzz-commits] manuscripts/Sigs article.rst, (continued)
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/19
- [Gzz-commits] manuscripts/Sigs article.rst,
Tuomas J. Lukka <=
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/20