Doesn't a standard digital signature plus hashcash / client puzzles achieve this effect?
The hashcash could be used to make the client to consume more cpu than the server. The hashcash collision wouldn't particularly have to be related to the signature, as the collision would just act as a proof-of-work entitling the client to have the server verify the accompanying signature. Adam On Thu, Jun 20, 2002 at 11:08:37PM -0700, Bill Frantz wrote: > I have been thinking about how to limit denial of service attacks on a > server which will have to verify signatures on certain transactions. It > seems that an attacker can just send random (or even not so random) data > for the signature and force the server to perform extensive processing just > to reject the transaction. > > If there is a digital signature algorithm which has the property that most > invalid signatures can be detected with a small amount of processing, then > I can force the attacker to start expending his CPU to present signatures > which will cause my server to expend it's CPU. This might result in a > better balance between the resources needed by the attacker and those > needed by the server. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
