Ben Laurie <[EMAIL PROTECTED]> writes:

> Simon Josefsson wrote:
>> No, the certificate is verifiable in deterministic polynomial time.
>> The test is probabilistic, though, but as long as it works, I don't
>> see why that matters.  However, I suspect the ANSI X9.80 or ISO 18032
>> paths are more promising.  I was just tossing out URLs.
> Surely Miller-Rabin is polynomial time anyway?

Yes, but it doesn't produce certificates; the algorithm that I cited
do.  The algorithm to _verify_ the certificate was not probabilistic,
only the algorithm to _produce_ the certificates was probabilistic.

Btw, could you describe the threat scenario where you believe this
test would be useful?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to