On 01/09/2010 02:30, Joseph Ashwood wrote:
> [you may be] looking for a digital signature algorithm,
> all the good ones have entropy injected.

I disagree on that last line. There are good digital signature schemes with no injection of entropy. An example is ISO/IEC 9796-2:2002 Digital signature scheme 1, a deterministic digital signature scheme.

Such schemes are very useful because they do not allow a subliminal channel that the signer could use for nefarious purposes. Two examples:

- You want to know that this signing black box you purchased, accepting (private key, message) and producing a signature using an ASIC, does not leak the private key in the signature (you also need to guard against other leaks, e.g. timing).

- You want to know that this anonymous timestamping web service does not embed your IP in the timestamp (although admittedly, you can't rule out that it keeps and secretly sells a log of the IP associated with each timestamp produced).

For RSA-based digital signature schemes, it is possible to turn a good scheme with injection of entropy into a good deterministic scheme: replace the entropy by a pseudo random function of the message, and have that added information checked by the verifier.

PKCS#1v2 (which recommends RSASSA-PSS, a probabilistic signature scheme) acknowledges that:

    RSASSA-PSS is different from other RSA-based signature schemes in that it
    is probabilistic rather than deterministic, incorporating a randomly
    generated salt value. The salt value enhances the security of the scheme
    by affording a "tighter" security proof than deterministic alternatives
    such as Full Domain Hashing (..) However, the randomness is not critical
    to security. In situations where random generation is not possible, a
    fixed value or a sequence number could be employed instead, with the
    resulting provable security similar to that of FDH (..)

Francois Grieu

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
