I don't know PAIN...
John Kelsey
kelsey.j at ix.netcom.com
Wed Dec 31 22:31:09 EST 2003
At 12:38 PM 12/29/03 -0500, Jerrold Leichter wrote:
...
>Merkle's knapsack systems (which didn't work out for other reasons) had the
>property that the public key was computed directly from the private key.
>(The private key had a special form, while the public key was supposed to
>look like a random instance of the knapsack problem.)
This is the same for discrete log schemes, in general. (Maybe there are
some for which it's not the case.) Your private key is x, your public key
is g^x mod p. Also for one-time signature schemes and their hash-tree
based extensions, which use nothing but a hash function, and for all the
variants of the Merkle puzzle schemes I can think of. (Which are public
key, but just barely.)
...
> -- Jerry
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list