unforgeable optical tokens?
Bill Frantz
frantz at pwpconsult.com
Tue Sep 24 16:51:19 EDT 2002
At 5:11 PM -0700 9/20/02, David Wagner wrote:
>Perry E. Metzger wrote:
>>But if you can't simulate the system, that implies that the challenger
>>has to have stored the challenge-response pairs because he can't just
>>generate them, right? That means that only finitely many are likely to
>>be stored. Or was this thought of too?
>
>I believe the idea is that there are gazillions of possible challenges.
>The challenger picks a thousand randomly in advance, scans the token
>from the corresponding thousand different angles to get the thousand
>responses, and stores all them. Then, later, the challenger can select
>one of his stored challenges, pass it to a remote entity, and demand
>the correct answer. Of course, a challenger must never re-use the same
>challenge twice.
If the challenger selects several of his stored challenges, and asks the
token reader to return a secure hash of the answers (in order), no
information will be leaked about the response to any individual challenge.
This procedure will allow the challenger to perform a large number of
verifications with a relatively small number of stored challenge-response
pairs.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use. | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list