[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: othersrc/external/bsd/lamport
Module Name: othersrc
Committed By: agc
Date: Mon Oct 3 05:41:59 UTC 2011
Update of /cvsroot/othersrc/external/bsd/lamport
In directory ivanova.netbsd.org:/tmp/cvs-serv28707
Lamport signatures were invented in 1979, and are used as one-time
signatures (since verification exposes parts of the public key, which
is derived from the secret key). Lamport signatures can be built from
any cryptographically-secure hash function. It is posited that
Lamport signatures are still secure, depending on the hash function
used, in the case of quantum computers; the same cannot be said of RSA
or DSA, for example.
In combination with hashtrees or merkle trees, Lamport signatures can
be generalised to work by exposing only the top element of the
hashtree, and by providing the elements of the hash tree that make up
the hash values of the other blocks. Whilst this exposes one hash
value (out of 256 in the case of SHA256), the other hash values making
up the key are not exposed, and the key can be used again.
+ to create a secret Lamport key, a random number generator is used to
generate 256 pairs of random numbers, each number being 32 bytes in
length. Each of these pairs has a "0" value and a "1" value. A
secret key is thus 16KB. The public key is derived from the secret
key by hashing each of the 512 32-byte random numbers to give 512
32-byte numbers, also 16 KB.
+ to create a lamport signature, the message itself is hashed to give
a 256-bit digest value. For each of the bits in this hash value, the
corresponding hash from the private key is used. If this bit is a 0,
the "0" value from the 256 pairs is used; if the bit is 1, the "1"
value from the 256 pairs is used. In this way, 256 numbers of 256
bits each constitute the signature, making it 8KB in length. The
unused values are discarded, and the key cannot be used again, since
the private key is exposed during verification.
+ to verify a signature, the same message is hashed to give a 256-bit
digest value, and the corresponding bits in the public key are used to
generate an 8KB computed signature. The hashed signature is
calculated by hashing each of the 256 32-byte numbers in the signature
itself. The resulting 8KB signature must match the calculated
signature for a match to be made.
This implementation provides the simple, one-time key, and uses the
SHA256 algorithm as the hash function.
Vendor Tag: CROOKS
Release Tags: lamport-signatures-base
No conflicts created by this import
Main Index |
Thread Index |