Signature Schemes (with Recovery)


Jeffrey Walton

May 26, 2007, 12:28:44 PM
to Crypto++
Hi Wei,

I want to verify that I have not missed something in the Library. I
desire to develop metrics using RSA, Rabin, and Nyberg-Rueppel
Signature Schemes with Recovery. Crypto++ has RSA. But it appears
Rabin and Nyberg-Rueppel are not part of the Library. Is this correct?

Jeff

Wei Dai

May 26, 2007, 2:43:41 PM
to Jeffrey Walton, Crypto++
NR with recovery is not in Crypto++. It's patented and I think a better
alternative would be a pairing-based short signature scheme. But I'm still
waiting for something even better to be invented. One candidate was a coding
based scheme, but it turned out to be broken. See
http://groups.google.com/group/sci.crypt/browse_frm/thread/351ede73af57d6bb/91124598f8a181bd?&hl=en#91124598f8a181bd.

Rabin-Williams with recovery is available as RWSS<PSSR, SHA512>.

Jeffrey Walton

May 26, 2007, 3:02:19 PM
to Wei Dai, Crypto++
Hi Wei,

> http://groups.google.com/group/sci.crypt/browse_frm/thread/351ede73af57d6bb/91124598f8a181bd?&hl=en#91124598f8a181bd.
Impressive... In a post regarding bounding of Goppa codes, you have
uncovered an unknown attack that the authors of the McEliece-based
short signature requested to be made party.

All in a day's work for you!

Jeff
