Isn't a problem with this that the private key can only be used to sign one message as otherwise more intermediate values for different bit patterns are revealed--and then I can forge all the downstream ones. In the extreme case, if I have two messages where the digest differs in the first bit, I have A, B and C. That also means that technically only B or C are really "private" as A and (B or C) are pushed as part of the signature.
--Felix ________________________________________ From: cryptography <[email protected]> on behalf of ianG <[email protected]> Sent: Monday, December 28, 2015 20:47 To: [email protected] Subject: Re: [cryptography] Satoshi Nakamoto's 2015 unbreakable signature algorith On 28/12/2015 13:03 pm, Wilson Ross wrote: > >> Satoshi Nakamoto >> Hash Tube Signature Scheme >> [email protected] >> 25.12.2015 > >> Abstract. A Hash Tube signature scheme is proposed, with an explanation how >> the individual tube levels are built. The signature and verification >> procedures >> on this virtual object are introduced. This scheme is applied to the signing >> of >> a cryptographic payments. Methods how the approach mitigates the double spend >> risk are evaluated in a practical retail-like use cases. Can we at least post some links? https://www.docdroid.net/mR3fUNS/paper.pdf.html is apparently where 1st 2 pages are. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
