Merk_80 Ralph C. Merkle: Protocols for Public Key Cryptosystems; Proceedings of the 1980 Symposium on Security and Privacy, April 14-16, 1980 Oakland, California, 122-134. Home/Search Document Not in Database Summary Related Articles Check |
This paper is cited in the following contexts:
Cryptographically Strong Undeniable Signatures.. - Chaum, van Heijst.. (1992) (39 citations) (Correct)
....g s chosen this way. In the following, we consider the case of one g only. Tree authentication: As usual, one can extend the scheme to many signatures, without augmenting the public key, by two versions of tree authentication. First, the previous public keys can be used as leaves of a hash tree [M1]. The new public key is just the root. However, for invisibility, the signer must tell the recipient the leaves of the tree, and must use the leaves in random order. A collision for the hash function hash used counts as disavowal, and for the recipient s security, hash must be cryptographically ....
Ralph Merkle: Protocols for Public Key Cryptosystems; Proceedings of the 1980 Symposium on Security and Privacy, April 14-16, 1980 Oakland, California, 122-134.
New Constructions of Fail-Stop Signatures and Lower Bounds.. - van Heijst, al. (1992) (2 citations) (Correct)
....signatures exist if factoring large integers or computing discrete logarithms is hard. The construction uses one time signatures, similar to [L79] i.e. messages are basically signed bit by bit. Therefore, although messages can be hashed before signing and tree authentication is used (similar to [M80]) this general construction is not very efficient. There is an efficient variant especially suited for making clients unconditionally secure in on line payment systems, see [P91] However, in this scheme, all signatures by one client (with one key) must have the same recipient, like the bank in a ....
....by making r smaller. E. van Heijst, T. Pedersen, B. Pfitzmann: Fail Stop Signatures . 8 sign: k multiplications test: 2k s multiplications Length of pk: 2k Length of sk: 4k 2s Signature length: 2k s To sign several messages, one can use tree authentication as in [PW91, HP92] after [M80]. Note that key exchange is more efficient in [HP92] because the choice of the prekey is just a choice of random numbers, and no prekey test is necessary even if there is no trusted device to choose the prekey. 4 Lower Bounds The idea of each of our proofs will first be described informally. For ....
Ralph C. Merkle: Protocols for Public Key Cryptosystems; Proc. 1980 Symposium on Security and Privacy, Oakland 1980, 122-134.
Cryptographically Strong Undeniable Signatures.. - Chaum, van Heijst.. (1991) (39 citations) (Correct)
No context found.
Merk_80 Ralph C. Merkle: Protocols for Public Key Cryptosystems; Proceedings of the 1980 Symposium on Security and Privacy, April 14-16, 1980 Oakland, California, 122-134.
Fail-stop Signatures and their Application - Pfitzmann, Waidner (1991) (7 citations) (Correct)
No context found.
Merk_80 Ralph C. Merkle: Protocols for Public Key Cryptosystems; Proceedings of the 1980 Symposium on Security and Privacy, April 14-16, 1980 Oakland, California, 122-134.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC