Barney Wolff wrote:
Pardon a naive question, but shouldn't the signing algorithm allow the
signer to add two nonces before and after the thing to be signed, and
make the nonces part of the signature?  That would eliminate the risk
of ever signing something exactly chosen by an attacker, or at least
so it would seem.

Most (secure) signature schemes actually include the randomization as part of their process, so adding nonces to the text before signing is not necessary. OTOH, I don't see any problem in defining between the parties (in the `meta-contract` defining their use of public key signatures) that the signed documents are structured with a random field before and after the `actual contract`, as long as the fields are well defined.
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University (information and lectures in cryptography & security)
Mirror site:
fn:Amir  Herzberg
org:Bar Ilan University;Computer Science
adr:;;;Ramat Gan ;;52900;Israel
email;internet:[EMAIL PROTECTED]
title:Associate Professor
url: , mirror: 

Reply via email to