[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gzz-commits] manuscripts/Sigs article.rst
From: |
Tuomas J. Lukka |
Subject: |
[Gzz-commits] manuscripts/Sigs article.rst |
Date: |
Sat, 17 May 2003 15:21:30 -0400 |
CVSROOT: /cvsroot/gzz
Module name: manuscripts
Changes by: Tuomas J. Lukka <address@hidden> 03/05/17 15:21:30
Modified files:
Sigs : article.rst
Log message:
partialreorg
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/manuscripts/Sigs/article.rst.diff?tr1=1.52&tr2=1.53&r1=text&r2=text
Patches:
Index: manuscripts/Sigs/article.rst
diff -u manuscripts/Sigs/article.rst:1.52 manuscripts/Sigs/article.rst:1.53
--- manuscripts/Sigs/article.rst:1.52 Sat May 17 15:17:50 2003
+++ manuscripts/Sigs/article.rst Sat May 17 15:21:30 2003
@@ -46,7 +46,49 @@
Introduction
============
-One-time signature schemes [XXX] are based on one-way functions [#]_.
+One-time signatures were originally proposed independently
+by [XXX] and [XXX]. Since then, numerous variations
+and improvements have been published [XXX].
+
+
+Despite the limitation to a small number of signatures
+per public/private key pair,
+
+one-time signatures have
+an important advantage:
+
+one-way functions generally do not rely on
+unproven number-theoretic assumptions, like the
+difficulty of factoring large integers [XXX]. In practice,
+a cryptographic hash function is used in most
+signature schemes anyway to map messages to a
+fixed-length digest, which is then signed. As
+cryptographic hash functions are one-way, also using them
+as the basis for signature avoids introducing additional
+cryptographic primitives into the system.
+
+Additionally, operations on one-way signatures
+may be orders of magnitude faster than operations
+in schemes like DSA or RSA.
+
+In this article, we introduce a new signature scheme
+that can be used any number of times without keeping track
+of private keys that have already been used.
+Our scheme assumes a one-time signature scheme
+and a random oracle.
+In the following Sections, we first
+describe our algorithm.
+Then, we analyze the tradeoffs in it and other one-time signature
+schemes.
+After this, we discuss the different variants of our
+algorithm based on how the path through the key tree
+is selected, and finally conclude.
+
+One-time Signatures
+===================
+
+One-time signature schemes [XXX] are based
+on one-way functions [#]_.
Given a one-way function f, the signer generates a set
of (pseudo)random numbers and and publishes f(x) for each
x in the set. This is the public key. To sign a message,
@@ -68,10 +110,6 @@
in its range is a true subset of any other set in its range,
or that finding such a pair of sets is infeasible.
-One-time signatures were originally proposed independently
-by [XXX] and [XXX]. Since then, numerous variations
-and improvements have been published [XXX].
-
Private keys in one-time signature schemes can generally
only be used to sign a single message. If the same key
were used to sign multiple messages, an attacker might
@@ -92,37 +130,6 @@
However, verification time increases, and the signer
still needs to keep track of which private keys
have already been used in order not to compromise security.
-
-Despite the limitation to a small number of signatures
-per public/private key pair, one-time signatures have
-an important advantage:
-one-way functions generally do not rely on
-unproven number-theoretic assumptions, like the
-difficulty of factoring large integers [XXX]. In practice,
-a cryptographic hash function is used in most
-signature schemes anyway to map messages to a
-fixed-length digest, which is then signed. As
-cryptographic hash functions are one-way, also using them
-as the basis for signature avoids introducing additional
-cryptographic primitives into the system.
-
-Additionally, operations on one-way signatures
-may be orders of magnitude faster than operations
-in schemes like DSA or RSA.
-
-In this article, we introduce a new signature scheme
-that can be used any number of times without keeping track
-of private keys that have already been used.
-Our scheme assumes a one-time signature scheme
-and a random oracle.
-In the following Sections, we first
-describe our algorithm.
-Then, we analyze the tradeoffs in it and other one-time signature
-schemes.
-After this, we discuss the different variants of our
-algorithm based on how the path through the key tree
-is selected, and finally conclude.
-
- [Gzz-commits] manuscripts/Sigs article.rst, (continued)
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst,
Tuomas J. Lukka <=
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Tuomas J. Lukka, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/17
- [Gzz-commits] manuscripts/Sigs article.rst, Benja Fallenstein, 2003/05/17