On 03/09/2010 17:01, Marsh Ray wrote:
> I played with some simulations with randomly-generated mappings, the
> observed value would at times wander over 1.0 BoE/log2 N.
I think when I did this, I fully enumerated the behaviour of a truncated
hash (e.g. the first 20 bits of MD5).
Cheers,
Ben.
--
On 01/09/2010 22:45, Zooko O'Whielacronx wrote:
> On Wed, Sep 1, 2010 at 2:55 PM, Ben Laurie wrote:
>> Or, to put it another way, in order to show that a Merkle signature is
>> at least as good as any other, then you'll first have to show that an
>> iterated hash is at least as secure as a non-ite
On 13/06/2010 05:21, Zooko O'Whielacronx wrote:
> Folks:
>
> Regarding earlier discussion on these lists about "the difficulty of
> factoring" and "post-quantum cryptography" and so on, you might be
> interested in this note that I just posted to the tahoe-dev list:
>
> "100-year digital signatur
On 09/03/2010 01:22 PM, Ben Laurie wrote:
On 03/09/2010 17:01, Marsh Ray wrote:
I played with some simulations with randomly-generated mappings, the
observed value would at times wander over 1.0 BoE/log2 N.
I think when I did this, I fully enumerated the behaviour of a truncated
hash (e.g. the
On 09/03/2010 03:45 AM, Ben Laurie wrote:
That's the whole point - a hash function used on an arbitrary message
produces one of its possible outputs. Feed that hash back in and it
produces one of a subset of its possible outputs. Each time you do this,
you lose a little entropy (I can't remember
On Wed, Sep 1, 2010 at 2:55 PM, Ben Laurie wrote:
>>
>> Therefore, you would end up hashing your messages with a
>> secure hash function to generate "message representatives" short
>> enough to sign.
> Way behind the curve here, but this argument seems incorrect. Merkle
> signatures rely on the p
Nicolas Williams wrote:
> On Sat, Jun 12, 2010 at 10:21:51PM -0600, Zooko O'Whielacronx wrote:
>> http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/004439.html
>
> There you ask how the Merkle Signature Scheme depends on collision
> resistance. The authors of the paper you link to say that sign
On Sat, Jun 12, 2010 at 10:21:51PM -0600, Zooko O'Whielacronx wrote:
> http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/004439.html
There you ask how the Merkle Signature Scheme depends on collision
resistance. The authors of the paper you link to say that signature
itself depends only on seco
Folks:
Regarding earlier discussion on these lists about "the difficulty of
factoring" and "post-quantum cryptography" and so on, you might be
interested in this note that I just posted to the tahoe-dev list:
"100-year digital signatures"
http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/00443