theory: unconditional security
Amir Herzberg
amir at beesites.co.il
Thu Feb 21 04:28:14 EST 2002
> I suspect you find little written about OTP work because people
have
> always assumed the keys were impractical to distribute, store and
> use.
Another concern with OTP and other unconditionally-secure schemes is
that they usually require limited number of applications of the key
(usually, use once). This introduces a substantial synchronization /
reliability / security problem for many applications.
Notice that unconditionally secure authentication and signatures are in
fact used in scenarios where the limited use can be easily assured, such
as in online/offline signatures, used e.g. for micropayments and for
multicast encryption. In these cases, a `regular` offline signature
(e.g. RSA) is used to sign in advance (offline) the public key of the
one-time signature scheme. The one-time signature is applied when
processing online the message to be signed (with very little time). Of
course, the reason one-time signatures are used for these applications
is because they are faster, not because they are unconditionally secure.
Regards, Amir Herzberg
See http://amir.beesites.co.il/book.html for lectures and
draft-chapters from book-in-progress, `secure communication and commerce
using cryptography`; feedback welcome!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list