Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Bottom-up tree authentication

A complete formal description and a proof of a special case of bottom-up tree authentication (an optimized construction from strong claw-intractable families of permutation pairs) can be found in [Pfit89, PfWa90]. Hence only a sketch is presented here, whereas top-down tree authentication is treated in more detail. [Pg.322]

For simplicity, only complete binary trees are considered. One could use trees of any other shape, but the shape must be fixed during main key generation (in contrast to the following top-down tree authentication), and it must be clear from the public key. [Pg.322]

The main public key test verifies that mk is a possible hash value, i.e., that its length is len°(k). [Pg.322]

Thin black arrows denote the relation between a one-time secret key and the corresponding one-time main public key, broad grey arrows denote one-time signatures, and the tree is constructed by repeatedly hashing pairs of values. Values skjemp are abbreviated as sk. [Pg.323]

For instance, the complete correct signature j on m3 consists of the encircled nodes. To test it, the recipient s entity reconstructs the nodes in squares. [Pg.323]


Two types of tree authentication exist. The one mentioned so far will be called bottom-up tree authentication, the other one top-down tree authentication... [Pg.144]

If one uses such a fast hash function in bottom-up tree authentication for a fail-stop signature scheme, the overhead for the tree part (for trees of reasonable size, such as depth 20) is small in comparison with the actual signature, at least in time complexity. (This is why one-time signature schemes with tree authentication are still considered in practice, see Section 2.4.)... [Pg.145]

Figure 10.1. Fail-stop signature scheme with bottom-up tree authentication. Figure 10.1. Fail-stop signature scheme with bottom-up tree authentication.
Theorem 10.10 (Bottom-up tree authentication). Construction 10.9 defines the components of a standard fail-stop signature scheme with prekey for signing an arbitrary number of messages. If the underlying signature scheme fulfils the simplified security criteria from Theorem 7.34, the new scheme fulfils them, too, and is therefore secure. [Pg.324]

Remark 10.12 (Optimization). Bottom-up tree authentication can be optimized in several ways. [Pg.325]

What makes top-down tree authentication more flexible than bottom-up tree authentication is that the entity need not generate all the one-time key pairs in advance, in contrast to the basic idea described above. Instead, it can start with not much more than the leftmost branch of the tree. Details can be seen in Construction 10.13 and Figure 10.2. [Pg.326]

One can use bottom-up tree authentication so that the public key is short. (This does not follow from Theorem 10.10, but it is easy to see.)... [Pg.343]

The abbreviated names of the constructions mean bottom-up tree authentication (10.9), top-down tree authentication (10.13), top-down tree authentication with a small amount of private storage (10.19), the discrete-logarithm scheme with minimized secret key (10.22) without combination with tree authentication, and the construction with a list-shaped tree for a fixed recipient from Section 10.6. The first column of lower bounds is for standard fail-stop signature schemes (Sections 11.3 and 11.4), the second one for standard information-theoretically secure signature schemes (Section 11.5) here the length of a test key has been entered in the row with the public keys. [Pg.367]

For the upper bounds on standard fail-stop signature schemes, the constructions are based on the discrete-logarithm scheme (Lemmas 9.12 and 9.14). Bottom-up tree authentication is evaluated for the case where the risk bearers trust a fast hash... [Pg.367]


See other pages where Bottom-up tree authentication is mentioned: [Pg.322]    [Pg.322]    [Pg.323]    [Pg.325]    [Pg.326]    [Pg.331]    [Pg.322]    [Pg.322]    [Pg.323]    [Pg.325]    [Pg.326]    [Pg.331]    [Pg.369]   
See also in sourсe #XX -- [ Pg.144 , Pg.322 ]




SEARCH



Authenticity

Bottom-up

© 2024 chempedia.info