[15124] in cryptography@c2.net mail archive
Re: I don't know PAIN...
daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Jan 2 11:58:45 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 31 Dec 2003 22:31:09 -0500
To: Jerrold Leichter <jerrold.leichter@smarts.com>,
Ben Laurie <ben@algroup.co.uk>
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: Raymond Lillard <ryl@mmcent.com>,
crypto <cryptography@metzdowd.com>
In-Reply-To: <Pine.GSO.4.58.0312291200120.29666@frame>
At 12:38 PM 12/29/03 -0500, Jerrold Leichter wrote:
...
>Merkle's knapsack systems (which didn't work out for other reasons) had the
>property that the public key was computed directly from the private key.
>(The private key had a special form, while the public key was supposed to
>look like a random instance of the knapsack problem.)
This is the same for discrete log schemes, in general. (Maybe there are
some for which it's not the case.) Your private key is x, your public key
is g^x mod p. Also for one-time signature schemes and their hash-tree
based extensions, which use nothing but a hash function, and for all the
variants of the Merkle puzzle schemes I can think of. (Which are public
key, but just barely.)
...
> -- Jerry
--John Kelsey, kelsey.j@ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
