On 23/04/2010 11:57, Paul Crowley wrote:
>>> [2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
>
> My preferred signature scheme is the second, DDH-based one in the
> linked paper, since it produces shorter signatures - are there any
> proposals which improve on that?
There is RSA or Rabin
On Wed, 28 Apr 2010, Zooko O'Whielacronx wrote:
Anyway, although this is not one, there do exist proposals for public
key crypto schemes where breaking the scheme implies solving a worst
case instance of a supposedly hard problem, right?
Not to worst-case hardness of an NP-complete problem, no
On Thu, Apr 22, 2010 at 12:40 PM, Jonathan Katz wrote:
> On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
>
>> Unless I misunderstand, if you read someone's plaintext without having
>> the private key then you have proven that P=NP!
…
> The paper you cite reduces security to a hard-on-average probl
On Fri, Apr 23, 2010 at 3:57 AM, Paul Crowley wrote:
>
> My preferred signature scheme is the second, DDH-based one in the linked
> paper, since it produces shorter signatures - are there any proposals which
> improve on that?
http://eprint.iacr.org/2007/019
Has one. Caveat lector.
Regards,
Zo
Jonathan Katz wrote:
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
On the other hand, there is one published scheme that gives a slight
improvement to our paper (it has fewer on-line computations): it is a
paper by Chevallier-Mames in Crypto 2005 titled "An Efficient CDH-Based
Sig
On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
On Wed, Apr 21, 2010 at 5:29 PM, Samuel Neves wrote
(on the cryptography@metzdowd.com list):
[2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
As one of the authors of the above paper, I have an obvious interest in
this thread. =)
La
On Thu, 22 Apr 2010, Zooko O'Whielacronx wrote:
There is some interesting work in public key cryptosystems that reduce
to a *random* instance of a specific problem.
Here is a very cool one:
http://eprint.iacr.org/2009/576
...
Unless I misunderstand, if you read someone's plaintext without
By the way, the general idea of One Hundred Year Security as far as
digital signatures go would be to combine digital signature
algorithms. Take one algorithm which is bog standard, such as ECDSA
over NIST secp256r1 and another which has strong security properties
and which is very different from E
On Wed, Apr 21, 2010 at 5:29 PM, Samuel Neves wrote
(on the cryptography@metzdowd.com list):
> [2] http://www.cs.umd.edu/~jkatz/papers/dh-sigs-full.pdf
I've been looking at that one, with an eye to using it in the One
Hundred Year Cryptography project that is being sponsored by Google as
part of
On Wed, Apr 21, 2010 at 8:49 PM, Jerry Leichter wrote:
> There are some concrete complexity results - the kind of stuff Rogaway does,
> for example - but the ones I've seen tend to be in the block
> cipher/cryptographic hash function spaces. Does anyone know of similar
> kinds of results for
* Thierry Moreau:
> Florian Weimer wrote:
>> * Thierry Moreau:
>>
>>> For which purpose(s) is the DNS root signature key an attractive
>>> target?
>>
>> You might be able to make it to CNN if your spin is really good.
> But even without this self-restraint, there would be no spin for a CNN
> stor
Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
Thanks for this feedback.
No, no, and no.
No, because I asked the question as a matter of security analysis
m
* Thierry Moreau:
> For which purpose(s) is the DNS root signature key an attractive
> target?
You might be able to make it to CNN if your spin is really good.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
Jerry Leichter wrote:
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have
Victor Duchovni wrote:
On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote:
The DNS root may be qualified as a "high valued" zone, but I made the
effort to put in writing some elements of a "risk analysis" (I have an
aversion for this notion as I build *IT*controls* and the consulta
On Apr 21, 2010, at 7:29 PM, Samuel Neves wrote:
EC definitely has practical merit. Unfortunately the patent issues around
protocols using EC public keys are murky.
Neither RSA nor EC come with complexity proofs.
While EC (by that I assume you mean ECDSA) does not have a formal
security pro
On 21-04-2010 02:40, Victor Duchovni wrote:
> EC definitely has practical merit. Unfortunately the patent issues around
> protocols using EC public keys are murky.
>
> Neither RSA nor EC come with complexity proofs.
>
While EC (by that I assume you mean ECDSA) does not have a formal
security pr
On Tue, Apr 20, 2010 at 08:58:25PM -0400, Thierry Moreau wrote:
> The DNS root may be qualified as a "high valued" zone, but I made the
> effort to put in writing some elements of a "risk analysis" (I have an
> aversion for this notion as I build *IT*controls* and the consultants are
> hired to
Perry E. Metzger wrote:
I was alerted to some slides from a talk that Dan Bernstein gave a few
days ago at the University of Montreal on what tools will be needed to
factor 1024 bit numbers:
http://cr.yp.to/talks/2010.04.16/slides.pdf
I had the opportunity to listen to Prof. Dan Bernstein tal
The state of the art in factorization is the same as for, e.g., the
factorization of RSA-768 [1] --- there haven't been many advances in the
number field sieve algorithm itself. The current effort, as Bernstein
puts it, is in speeding up smoothness detection, as part of the relation
collection pro
I was alerted to some slides from a talk that Dan Bernstein gave a few
days ago at the University of Montreal on what tools will be needed to
factor 1024 bit numbers:
http://cr.yp.to/talks/2010.04.16/slides.pdf
It has been a couple of years since there has been serious discussion on
the list on