Changes between Version 9 and Version 10 of NewMutableEncodingDesign


Ignore:
Timestamp:
2010-01-07T07:34:46Z (15 years ago)
Author:
davidsarah
Comment:

clarify which schemes depend on ECDSA (short public keys) and which don't

Legend:

Unmodified
Added
Removed
Modified
  • NewMutableEncodingDesign

    v9 v10  
    113113 * (1K) writecap = K-bit random string (perhaps derived from user-supplied
    114114   material) (remember, K=kappa, probably 128bits)
    115  * (2K) readcap = 2*K-bit semiprivate key
     115 * (minimum 2K) readcap = minimum 2*K-bit semiprivate key
    116116 * verifycap = 2*K-bit public key
    117117 * storage-index = truncated verifycap
     
    131131
    132132 * (1K) writecap = K-bit random string
    133  * (2K) readcap = 2*K-bit first semiprivate key
    134  * (2K) traversalcap = 2*K-bit second semiprivate key
     133 * (minimum 2K) readcap = minimum 2*K-bit first semiprivate key
     134 * (minimum 2K) traversalcap = minimum 2*K-bit second semiprivate key
    135135 * verifycap = 2*K-bit public key
    136136 * storage-index = truncated verifycap
     
    140140child verifycap/traversalcaps.
    141141
    142 == ECDSA, no semi-private keys, no traversalcap ==
     142== Any public key algorithm, no semi-private keys, no traversalcap ==
    143143
    144144Without semi-private keys, we need something more complicated to protect the
     
    161161resistance. The verifycap is 2*K.
    162162
    163 === include pubkey in cap ===
     163=== include ECDSA pubkey in cap ===
    164164
    165165Or, if the pubkey is short enough, include it in the cap rather than
     
    177177give us slightly shorter keys.
    178178
    179 === add traversalcap ===
     179=== Any public key algorithm, no semi-private keys, with traversalcap ===
    180180
    181181Since a secure pubkey identifier (either H(pubkey) or the original privkey)