On 23/04/2010 11:57, Paul Crowley wrote:
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
My preferred signature scheme is the second, DDH-based one in the
linked paper, since it produces shorter signatures - are there any
proposals which improve on that?
There is RSA or Rabin using
By the way, the general idea of One Hundred Year Security as far as
digital signatures go would be to combine digital signature
algorithms. Take one algorithm which is bog standard, such as ECDSA
over NIST secp256r1 and another which has strong security properties
and which is very different from
On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
There is some interesting work in public key cryptosystems that reduce
to a *random* instance of a specific problem.
Here is a very cool one:
http://eprint.iacr.org/2009/576
...
Unless I misunderstand, if you read someone's plaintext without
On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
On Wed, Apr 21, 2010 at 5:29 PM, Samuel Neves sne...@dei.uc.pt wrote
(on the cryptography@metzdowd.com list):
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
As one of the authors of the above paper, I have an obvious interest in
this
Jonathan Katz wrote:
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
On the other hand, there is one published scheme that gives a slight
improvement to our paper (it has fewer on-line computations): it is a
paper by Chevallier-Mames in Crypto 2005 titled An Efficient CDH-Based
On Fri, Apr 23, 2010 at 3:57 AM, Paul Crowley p...@ciphergoth.org wrote:
My preferred signature scheme is the second, DDH-based one in the linked
paper, since it produces shorter signatures - are there any proposals which
improve on that?
http://eprint.iacr.org/2007/019
Has one. Caveat
On Thu, Apr 22, 2010 at 12:40 PM, Jonathan Katz jk...@cs.umd.edu wrote:
On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
Unless I misunderstand, if you read someone's plaintext without having
the private key then you have proven that P=NP!
…
The paper you cite reduces security to a
On Wed, 28 Apr 2010, Zooko O'Whielacronx wrote:
Anyway, although this is not one, there do exist proposals for public
key crypto schemes where breaking the scheme implies solving a worst
case instance of a supposedly hard problem, right?
Not to worst-case hardness of an NP-complete problem,
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues
around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have a formal
security
Victor Duchovni wrote:
On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote:
The DNS root may be qualified as a high valued zone, but I made the
effort to put in writing some elements of a risk analysis (I have an
aversion for this notion as I build *IT*controls* and the consultants
Jerry Leichter wrote:
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues
around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
Thanks for this feedback.
No, no, and no.
No, because I asked the question as a matter of security analysis
* Thierry Moreau:
Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
But even without this self-restraint, there would be no spin for a CNN
story. Dedication to
On Wed, Apr 21, 2010 at 8:49 PM, Jerry Leichter leich...@lrw.com wrote:
There are some concrete complexity results - the kind of stuff Rogoway does,
for example - but the ones I've seen tend to be in the block
cipher/cryptographic hash function spaces. Does anyone one know of similar
kinds
On Wed, Apr 21, 2010 at 5:29 PM, Samuel Neves sne...@dei.uc.pt wrote
(on the cryptography@metzdowd.com list):
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
I've been looking at that one, with an eye to using it in the One
Hundred Year Cryptography project that is being sponsored by
On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote:
The DNS root may be qualified as a high valued zone, but I made the
effort to put in writing some elements of a risk analysis (I have an
aversion for this notion as I build *IT*controls* and the consultants are
hired to
On 21-04-2010 02:40, Victor Duchovni wrote:
EC definitely has practical merit. Unfortunately the patent issues around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have a formal
security proof,
The state of the art in factorization is the same as for, e.g., the
factorization of RSA-768 [1] --- there haven't been many advances in the
number field sieve algorithm itself. The current effort, as Bernstein
puts it, is in speeding up smoothness detection, as part of the relation
collection
Perry E. Metzger wrote:
I was alerted to some slides from a talk that Dan Bernstein gave a few
days ago at the University of Montreal on what tools will be needed to
factor 1024 bit numbers:
http://cr.yp.to/talks/2010.04.16/slides.pdf
I had the opportunity to listen to Prof. Dan Bernstein
20 matches
Mail list logo