Factbites
 Where results make sense

Topic: Schnorr signature



  
  Schnorr group - Wikipedia, the free encyclopedia
Schnorr groups are useful in discrete log based cryptosystems including Schnorr signatures and DSA.
In such applications, typically p is chosen to be large enough to resist index-calculus and related methods of solving the discrete-log problem (perhaps 1024-2048 bits), while q is large enough to resist the birthday attack on discrete log problems, which works in any group (perhaps 160-512 bits).
Schnorr groups were proposed for cryptographic use by Claus-Peter Schnorr.
en.wikipedia.org /wiki/Schnorr_group   (230 words)

  
 Review of the Digital Signature Standard
Schnorr's case, or even to effectively present his technical arguments, but Schnorr's claims -- to judge from their impact on DSA adoption, US crypto policy, and specifically the NSA's strategy for managing the US standards process to ensure universal government access to crypto keys (GAK) -- are neither trivial nor vacuous.
Schnorr responded to a thoughtful challenge from Anon on this List last year may wish to read Schnorr's own informal pitch at: http://privacy.nb.ca/cryptography/archives/coderpunks/new/1998-08/0006.html But see Schnorr's submission to the IEEE PKC working group 1363: http://grouper.ieee.org/groups/1363/letters/SchnorrMar98.html And "A Study on the Coverage of the DSA by EP-Patent 0384475": http://grouper.ieee.org/groups/1363/letters/SchnorrMar98Study.ps Mr.
Schnorr nor RSA has suggested that any challenge to DSS is pending, although the Schnorr patents are valid until 2008, so at one level this discussion is a mere intellectual exercise.
cryptome.sabotage.org /dsa-vm.htm   (1325 words)

  
 Schnorr signature - Wikipedia, the free encyclopedia
A Schnorr signature is a digital signature scheme based on discrete logarithms.
All users of the signature scheme agree on a group G with generator g of prime order p in which the discrete log problem is hard.
Claus-Peter Schnorr, Efficient Signature Generation by Smart Cards, J. Cryptology 4(3), pp161–174 (1991) (PS).
en.wikipedia.org /wiki/Schnorr_signature   (193 words)

  
 Secret-key certificates - Patent 5606617
Given the message, the digital signature of the second party, and the information listed with the second party in the public-key directory, the first party is able to verify not only that the digital signature is genuine, but it is also ensured that it was indeed made with a certified key.
Blind signature protocols, as defined in the art, are issuing protocols in which both the message and the signature of the signer on the message are blinded by the recipient.
Remarks: As is well-known in the art, the security of the Brickell/McCurley signature scheme is at least as high as that of the Schnorr signature scheme, since as with the Okamoto scheme the underlying identification scheme is known to be witness hiding.
www.freepatentsonline.com /5606617.html   (18911 words)

  
 Schnorr signature   (Site not responding. Last check: 2007-10-08)
Signature A/S Manufacture and sale of knitwear, T-shirts, jackets, trousers, skirts, shorts and dresses under the brands: Signature classic and Signature experience.
Signature Creator Delphi forum for creating an HTML signature, using a program created for users of this forum.
Signatures R Us Signature tags, artists will make static or animated signature graphics for forum use and email.
www.serebella.com /encyclopedia/article-Schnorr_signature.html   (417 words)

  
 Citations: Message recovery for signature schemes based on the discrete logarithm problem - Nyberg, Rueppel ...   (Site not responding. Last check: 2007-10-08)
Schnorr scheme [33] is defined on a prime order multiplicative subgroup of Z_p, with a slight variant of Schnorr category (where h replaces h) ElGamal projection and type II hash.
The reason is that the signed messages which are embedded in the signatures are elements of GF (p) In a typical signing process of a blind threshold signature scheme, there are two kinds of participants, the signers and a requester.
Consider the undeniable signature scheme of Chaum [8]. In this scheme the secret key x_0 and public key (G_q; g; h_0 = g^x_0; f(Delta)) of the signer are defined as in the Schnorr signature scheme, and an undeniable signature on a message m is m^x_0.
citeseer.ifi.unizh.ch /context/59250/0   (5245 words)

  
 Schnorr signature: Encyclopedia topic   (Site not responding. Last check: 2007-10-08)
A Schnorr signature is a digital signature scheme based on discrete logarithms.
All users of the signature scheme agree a group with generator of prime order in which the discrete log problem is hard.
Typically a Schnorr group is used.
www.absoluteastronomy.com /reference/schnorr_signature   (217 words)

  
 [No title]
Schnorr signatures have a disadvantage of not fitting neatly into our current model which presents signature schemes in a modular form with a hash function (or a data format) and a signature primitive.
On 3.3, it was commented that while ISO 9796 signature scheme may indeed be ad.
The consensus on Fiat-Shamir signature (5.2) was similar to that for the Schnorr signature scheme.
grouper.ieee.org /groups/1363/WorkingGroup/minutes/Sep96.txt   (1026 words)

  
 [No title]
The use of Schnorr authentication (a Schnorr signature, in fact, as the challenge is generated from a hash function) between the bank and the user at withdrawal means the user does not have to trust the bank to provide a valid signature on the coin.
The use of Schnorr authentication between the user and the merchant means that the coin can be spent with a merchant off- line, because double-spenders can be traced after the fact.
Schnorr authentication also takes place between the user and the observer to prevent double-spending before it occurs, and to assure the user the observer isn't secretly leaking identifying information.
www.aci.net /kalliste/stefbrdc.htm   (5603 words)

  
 Cryptography-Digest Digest #575
Schnorr is an active defender of his patent claims >> with regard to the DSA, as indicated by his several posts >> to this List last year James A. Donald <[EMAIL PROTECTED]> accurately noted: >Posts that failed to impress some people on this list.
Schnorr responded to a thoughtful challenge from Anon on this List last year may wish to read Schnorr's own informal pitch at: (Cut and paste the URL.) But Schnorr's submission to the IEEE PKC working group is >probably still the best source: Mr.
I think the historic importance of the Schnorr patents (at least in the US) was that, in '92, when Claus Schnorr chose to align himself with RSA rather than sell out to NIST and the NSA, he gave RSA's Jim Bidzos a powerful weapon, at a crucial time, to counter the DSS FIPS.
www.mail-archive.com /cryptography-digest@senator-bedfellow.mit.edu/msg00782.html   (2685 words)

  
 matsuura-sign-mode-02.txt
Matsuura, Imai Revised signature mode for IKE [Page 2] INTERNET DRAFT March 2, 2000 (3) As proposed in [AN97], local symmetric-key encryption is used to implement DH key agreement and FT mechanism in a stateless manner.
As well as the original DSA (Digital Signature Algorithm) [K93] in DSS (Digital Signature Standard) [FIPS94], the shortened DSS is unforgeable by adaptive attackers under the assumptions that discrete logarithm is hard and that the one-way hash function behaves like a random function [Z97], [PS96].
On the other hand, in the proposed Revised Signature Method (implemented with SDSS or with Schnorr's signature), the attackers also must pay the computational cost of
q, which is comparable to the cost on the responder's side, 3q.
ietfreport.isoc.org /idref/draft-matsuura-sign-mode   (2581 words)

  
 [No title]
The agenda is to discuss encryption, signature, key agreement, have a tour of the museum, and wrap-up.
We discussed signature schemes, and the justification for the various choices we have made.
The version 2 items are signature with message recovery (DL and EC cases), key agreement in IF case, long block encryption, signature formatting like Bellare-Rogaway '96 or something equivalent, and SPEKE or something equivalent.
grouper.ieee.org /groups/1363/WorkingGroup/minutes/Nov96.txt   (1859 words)

  
 Schnorr Signature Scheme with Restricted Signing Capability (ResearchIndex)   (Site not responding. Last check: 2007-10-08)
In the current signature scheme, if we are not aware of lost key, then, an impersonator can generate as many signatures as he/she wants.
Therefore, it is important to construct a signature scheme strong against key exposure problem.
But it is an open problem to find a practical signature scheme with resistance to key loss problem.
citeseer.ist.psu.edu /667335.html   (285 words)

  
 ICS 180: Schedule and Handouts   (Site not responding. Last check: 2007-10-08)
This scheme is similar to the Fiat-Shamir identification scheme, and it forms a basis of the Schnorr Signature scheme [Schnorr, Crypto'89].
We argue that it is existentially unforgeable under the CMA attack under the discrete logarithm assumption and assuming the random oracle model for a hash function used in this scheme.
We show the standard Digital Signature Standard (DSS) signature, which can be looked at as a variant of the Schnorr signature scheme (historically DSS was first, but Schnorr signature has better understood security).
www.ics.uci.edu /~stasio/fall04/outline268.html   (976 words)

  
 COrnell Data EXchange (CODEX): CODEX_Ciphers::ElGamalSchnorrCipherText Class Reference
Serializable encapsulation of an ElGamal ciphertext with a Schnorr signature to prove plaintext knowledge.
By including the identity of the encrypting party in the signature, the ciphertext can be verified to have come from a particular principal.
The ciphertext is used as part of the public key for the Schnorr signature.
www.umiacs.umd.edu /~mmarsh/CODEX/src_doc/classCODEX__Ciphers_1_1ElGamalSchnorrCipherText.html   (251 words)

  
 Accountable-Subgroup Multisignatures   (Site not responding. Last check: 2007-10-08)
Formal models and security proofs are especially important for multisignatures: in contrast to threshold signatures, no precise definitions were ever provided for such schemes, and some proposals were subsequently broken.
The signing time per signer is the same as for the single-signer Schnorr scheme, regardless of the number of signers.
The signature length is the same as for the single-signer Schnorr scheme, regardless of the number of signers.
www.cs.bu.edu /~reyzin/multisig.html   (229 words)

  
 [No title]   (Site not responding. Last check: 2007-10-08)
In a signature scheme obtained by this approach the message is not hashed before it is signed; the hashing is integrated into the signing algorithm.
We will illustrate this by converting the Schnorr scheme to a signature scheme. We use SHS for the hash function.
(usually 40 bits are good for challenge & response; in the context of signature we need message digest to be large so you can prevent attacks using collisions) Other identification schemes can be converted to signature schemes in a similar fashion.
www.cs.georgetown.edu /~mahe/350/notes/lec-ident.ppt   (478 words)

  
 [No title]
69 4 Efficient and Generalized Group Signature Schemes 71 4.1 Introduction.
86 5 Group Signature Schemes for Large Groups 87 5.1 Introduction.
124 6.4.2 A Subprotocol: A Modified Blind Schnorr Signature Scheme.
www.zurich.ibm.com /~jca/papers/diss.contents   (294 words)

  
 Efficient Way for Verifying RSA Digital Signature   (Site not responding. Last check: 2007-10-08)
The Digital Signature Standard (DSS) proposed by the US government in 1991 is one of ElGamal-type signature schemes based on the discrete logarithm problem.
Since verifying each ElGamal-type signature requires at least two modular exponentiations and modular exponentiation is a computational-intensive operation, it becomes very desirable to use a special-purpose hardware or an efficient software algorithm to speed up the signature verification process.
Since this approach maintains the same computational load as to verify a single signature, a significant reduction in time for signature verification can be achieved.
www.cstp.umkc.edu /~harnl/paper9/paper9.htm   (1142 words)

  
 [No title]
a signature generated at a date/time of 23 November 2001 14hrs:56min:48.05sec (note time resolution is 0.01 of a second) would result in a value for of  EMBED Equation.3 .
The weakness in the implementation is that Alice's signature generation algorithm did not pick  EMBED Equation.3 randomly when she signed her first email to Bob.
This is done by exploiting the bad implementation flaw of the signature generation algorithm.
neptune.netcomp.monash.edu.au /cpe3001/tutorials/assignment.doc   (2829 words)

  
 sfskey(1): SFS key manager - Linux man page
0.7, two-party proactive Schnorr signatures (2-Schnorr for short) are supported in addition to Rabin signatures.
The second is for 2-Schnorr proactive signature keys.
In the above examples, host1 is the full hostname of the generating host, n is the public key version, p is the priority of the signing host (1 is the highest), host2 is the full hostname of the signing host, and m is the private key version.
www.die.net /doc/linux/man/man1/sfskey.1.html   (3782 words)

  
 Reference.com/Encyclopedia/Schnorr signature
All users of the signature scheme agree a group
All users agree a cryptographic hash function H. Key generation
; if a Schnorr group is used and
www.reference.com /browse/wiki/Schnorr_signature   (135 words)

  
 WDIFF
Matsuura, Imai Revised signature mode for IKE [Page 2] INTERNET DRAFT September 13, 1999 (3) As proposed in [AN97], local symmetric-key encryption is used to implement DH key agreement and FT mechanism in a stateless manner.
The first message, a request from the initiator, is the same as that in the Signature Mode; the initiator sends ISAKMP header HDR followed by SA, keying material KE, the initiator's nonce Ni, and his ISAKMP ID IDii.
When we can assume an ingress filter or some bandwidth restrictions, the responder is usually alive; the blocking probability is lower than 10% if the number of bogus requests per attack is less than 256.
ietfreport.isoc.org /cgi-bin/htmlwdiff?f1=../all-ids/draft-matsuura-sign-mode-01.txt&f2=../all-ids/draft-matsuura-sign-mode-00.txt   (2481 words)

  
 DBLP: Claus-Peter Schnorr   (Site not responding. Last check: 2007-10-08)
Werner Alexi, Benny Chor, Oded Goldreich, Claus-Peter Schnorr: RSA and Rabin Functions: Certain Parts are as Hard as the Whole.
Claus-Peter Schnorr, Jean-Paul Van de Wiele: On the Additive Complexity of Polynomials.
Claus-Peter Schnorr: Improved Lower Bounds on the Number of Multiplications/Divisions which are Necessary to Evaluate Polynomials.
www.informatik.uni-trier.de /~ley/db/indices/a-tree/s/Schnorr:Claus=Peter.html   (1155 words)

  
 Intrusion-Resilient Key-Evolving Schnorr Signature (ResearchIndex)   (Site not responding. Last check: 2007-10-08)
In this model, the whole lifetime is divided into distinct periods (e.g., days) such that at time period j, the signer holds the secret key SK j and updates it periodically, while the public key PK is fixed during its lifetime.
0.5: Multi-Certification Signatures and Their Applications to Public..
85 Signature schemes based on the strong RSA assumption - Cramer, Shoup - 2000
citeseer.ist.psu.edu /kim03intrusionresilient.html   (327 words)

  
 CYCLOTOMIC POLYNOMIAL CONSTRUCTION OF DISCRETE LOGARITHM CRYPTOSYSTEMS OVER FINITE FIELDS (EP0963635A1)
Cyclotomic polynomials are used to construct subgroups of multiplicative groups of finite fields that allow very efficient implementation of discrete logarithm based public key cryptosystems, including public key encryption schemes and digital signature schemes.
A field is represented with an optimal normal basis, and a generator of a subgroup of the multiplicative group of the field is used to form a public key.
    The present invention relates to data security, encryption, and, generating and using electronic signatures to verify the identity of a communicating party.
www.delphion.com /details?pn=EP00963635A1   (143 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.