[10487] in cryptography@c2.net mail archive
RE: theory: unconditional security
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Thu Feb 21 11:44:15 2002
From: "Amir Herzberg" <amir@beesites.co.il>
To: "'Carl Ellison'" <cme@acm.org>, "'Greg Rose'" <ggr@qualcomm.com>
Cc: "'Zefram'" <zefram@fysh.org>, <cryptography@wasabisystems.com>
Date: Thu, 21 Feb 2002 11:28:14 +0200
Message-ID: <000401c1baba$17f37880$323cfea9@newgenpay>
In-Reply-To: <3.0.5.32.20020219091841.01ce46d0@localhost>
> I suspect you find little written about OTP work because people have
> always assumed the keys were impractical to distribute, store and
> use.
Another concern with OTP and other unconditionally-secure schemes is
that they usually require a limited number of applications of the key
(usually, use once). This introduces a substantial synchronization /
reliability / security problem for many applications.
Notice that unconditionally secure authentication and signatures are in
fact used in scenarios where the limited use can be easily assured, such
as in online/offline signatures, used e.g. for micropayments and for
multicast encryption. In these cases, a `regular` offline signature
(e.g. RSA) is used to sign in advance (offline) the public key of the
one-time signature scheme. The one-time signature is applied when
processing online the message to be signed (with very little time). Of
course, the reason one-time signatures are used for these applications
is because they are faster, not because they are unconditionally secure.
Regards, Amir Herzberg
See http://amir.beesites.co.il/book.html for lectures and
draft-chapters from book-in-progress, `secure communication and commerce
using cryptography`; feedback welcome!
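
Added example, not part of the message above: the online/offline construction it describes, sketched in Python. The one-time scheme here is a Lamport hash-based signature and the `regular` signature is textbook RSA over two small Mersenne primes; both are choices made for illustration (the toy RSA is insecure), and all names are hypothetical.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

# Toy stand-in for the "regular" offline signature: textbook RSA over two
# well-known Mersenne primes. Assumption for illustration only, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def rsa_sign(msg):
    return pow(int.from_bytes(H(msg), "big") % N, D, N)

def rsa_verify(msg, sig):
    return pow(sig, E, N) == int.from_bytes(H(msg), "big") % N

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

class OneTimeKey:
    """Lamport one-time key pair whose public key is certified in advance."""
    def __init__(self):
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(256)]
        self.pk = b"".join(H(a) + H(b) for a, b in self._sk)
        self.cert = rsa_sign(self.pk)   # offline phase: slow, done ahead of time
        self._used = False

    def sign(self, msg):
        # Online phase: no public-key arithmetic, only reveal 256 preimages.
        if self._used:
            raise RuntimeError("one-time key already used")
        self._used = True
        sig = b"".join(self._sk[i][b] for i, b in enumerate(bits(msg)))
        self._sk = None                 # destroy the secret after its single use
        return self.pk, self.cert, sig

def verify(msg, pk, cert, sig):
    # Check the offline certificate on pk, then the one-time signature on msg.
    if len(pk) != 256 * 64 or len(sig) != 256 * 32 or not rsa_verify(pk, cert):
        return False
    return all(H(sig[32*i:32*i + 32]) == pk[64*i + 32*b:64*i + 32*b + 32]
               for i, b in enumerate(bits(msg)))
```

The refusal to sign twice is the point where the synchronization and reliability concern raised in the message shows up in code: the signer has to track reliably which keys have been consumed.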