> I suspect you find little written about OTP work because people have > always assumed the keys were impractical to distribute, store and > use.
Another concern with OTP and other unconditionally-secure schemes is that they usually require limited number of applications of the key (usually, use once). This introduces a substantial synchronization / reliability / security problem for many applications. Notice that unconditionally secure authentication and signatures are in fact used in scenarios where the limited use can be easily assured, such as in online/offline signatures, used e.g. for micropayments and for multicast encryption. In these cases, a `regular` offline signature (e.g. RSA) is used to sign in advance (offline) the public key of the one-time signature scheme. The one-time signature is applied when processing online the message to be signed (with very little time). Of course, the reason one-time signatures are used for these applications is because they are faster, not because they are unconditionally secure. Regards, Amir Herzberg See http://amir.beesites.co.il/book.html for lectures and draft-chapters from book-in-progress, `secure communication and commerce using cryptography`; feedback welcome! --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
