[10917] in cryptography@c2.net mail archive
RE: Shortcut digital signature verification failure
daemon@ATHENA.MIT.EDU (Lucky Green)
Fri Jun 21 18:12:14 2002
From: "Lucky Green" <shamrock@cypherpunks.to>
To: <cryptography@wasabisystems.com>
Date: Fri, 21 Jun 2002 14:58:16 -0700
In-Reply-To: <v03110703b93871fedcf2@[165.247.218.63]>
Bill wrote:
> I have been thinking about how to limit denial of service
> attacks on a server which will have to verify signatures on
> certain transactions. It seems that an attacker can just
> send random (or even not so random) data for the signature
> and force the server to perform extensive processing just to
> reject the transaction.
>
> If there is a digital signature algorithm which has the
> property that most invalid signatures can be detected with a
> small amount of processing, then I can force the attacker to
> start expending his CPU to present signatures which will
> cause my server to expend it's CPU. This might result in a
> better balance between the resources needed by the attacker
> and those needed by the server.
Neat idea. So neat in fact that RSA Security has a patent on it. :-)
Sorry, I don't have the patent number handy.
--Lucky
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
