From: ghio@c2.org (Matthew Ghio)
To: cypherpunks@toad.com
Message Hash: ebbb90de0ac90147b2713308bb8d258544fe9bfb7ceafadc7b56f17bf3ad3c72
Message ID: <m0tapC8-000ungC@myriad>
Reply To: <960112182626_72124.3234_EHJ93-1@CompuServe.COM>
UTC Datetime: 1996-01-12 19:55:54 UTC
Raw Date: Sat, 13 Jan 1996 03:55:54 +0800
Subject: Re: p-NEW digital signatures

Kent Briggs <kbriggs@execpc.com> wrote:
>s is discarded and the signature is r and z. The verification is:
>
>m=zy^r mod p
>
>This slows down the signing but speeds up the verification. Here's the $64K
>question: Does this compromise the signature's security?

Yes. In this case a fake signature can be forged by picking a random r, and
then z can be calculated as:

z=my^(-r) mod p

No security at all.
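
The point made in the reply above, as an added example that is not part of the original post: the quoted verification equation m = z*y^r mod p is satisfied by a pair (r, z) computed from the public key alone. The prime, base, key generation and message value are constructed toy parameters chosen here for illustration.

```python
import secrets

# Constructed toy parameters (assumptions, not from the thread).
P = 2**127 - 1   # a Mersenne prime used as the modulus p
G = 3            # base used to derive the public key


def keygen():
    """Return (x, y): private exponent x and public key y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def verify(m, r, z, y):
    """Verification equation quoted in the thread: m == z * y^r mod p."""
    return m % P == (z * pow(y, r, P)) % P


def forge(m, y):
    """Compute (r, z) from public values only, as the reply describes.

    r is arbitrary; z = m * y^(-r) mod p makes the equation hold by
    construction. The private key x is never an input.
    """
    r = secrets.randbelow(P - 2) + 1
    z = (m * pow(y, -r, P)) % P   # modular inverse via pow (Python 3.8+)
    return r, z


def demo():
    """Return verification results for two forgeries and one altered message."""
    _x, y = keygen()              # _x is generated but deliberately unused
    m = 123456789                 # constructed message value
    r1, z1 = forge(m, y)
    r2, z2 = forge(m, y)
    return (
        verify(m, r1, z1, y),      # forged pair verifies
        verify(m, r2, z2, y),      # a second, independent pair verifies too
        verify(m + 1, r1, z1, y),  # the equation still binds (r, z) to m
    )


if __name__ == "__main__":
    print(demo())
```

The equation binds (r, z) to the message but not to any secret, so checking it proves nothing about who produced the pair.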