Shortcut digital signature verification failure

Ed Gerck egerck at nma.com
Fri Jun 21 14:18:59 EDT 2002


A DoS would not pitch one client against one server. A distributed attack
using several clients could overcome any single server advantage.  A
scalable strategy would be a queue system for distributing load to
a pool of servers and a rating system for early rejection of repeated
bad queries from a source. The rating system would reset the source rating
after a pre-defined time, much like anti-congestion mechanisms on the Net.
Fast rejection of bogus signatures would help, but not alone.

Cheers,
Ed Gerck

Bill Frantz wrote:

> I have been thinking about how to limit denial of service attacks on a
> server which will have to verify signatures on certain transactions.  It
> seems that an attacker can just send random (or even not so random) data
> for the signature and force the server to perform extensive processing just
> to reject the transaction.
>
> If there is a digital signature algorithm which has the property that most
> invalid signatures can be detected with a small amount of processing, then
> I can force the attacker to start expending his CPU to present signatures
> which will cause my server to expend its CPU.  This might result in a
> better balance between the resources needed by the attacker and those
> needed by the server.
>
> Cheers - Bill
>
> -------------------------------------------------------------------------
> Bill Frantz           | The principal effect of| Periwinkle -- Consulting
> (408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
> frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
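
The per-source rating with timed reset described in the reply above, as an added example that is not part of the original post. The class name, thresholds and sample addresses are assumptions, and an HMAC check stands in for the costly public-key signature verification; the queue and server pool are not modelled.

```python
import hashlib
import hmac
import time

class SourceRating:
    """Counts failed verifications per source; rating resets after `window` seconds."""

    def __init__(self, verify, max_bad=3, window=60.0, clock=time.monotonic):
        self.verify = verify      # expensive check: verify(message, signature) -> bool
        self.max_bad = max_bad    # bad signatures tolerated per window (assumed value)
        self.window = window      # the "pre-defined time" after which a rating resets
        self.clock = clock
        self.ratings = {}         # source -> (bad_count, window_start); failing sources only
        self.verifications = 0    # how often the expensive check actually ran

    def submit(self, source, message, signature):
        now = self.clock()
        bad, start = self.ratings.get(source, (0, now))
        if now - start >= self.window:
            self.ratings.pop(source, None)   # rating expired: forget the source
            bad, start = 0, now
        if bad >= self.max_bad:
            return "rejected-early"          # no signature work is done
        self.verifications += 1
        if self.verify(message, signature):
            return "accepted"
        self.ratings[source] = (bad + 1, start)
        return "rejected-bad-signature"

KEY = b"constructed-demo-key"  # constructed sample key

def demo_verify(message, signature):
    # Stand-in for the costly public-key verification (assumption for this demo).
    expected = hmac.new(KEY, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def demo():
    t = [0.0]  # fake clock so the reset can be shown without sleeping
    gate = SourceRating(demo_verify, clock=lambda: t[0])
    msg = b"transfer 10"
    good = hmac.new(KEY, msg, hashlib.sha256).digest()
    # Constructed traffic: one source sends five bogus signatures in a row.
    results = [gate.submit("203.0.113.7", msg, b"\x00" * 32) for _ in range(5)]
    results.append(gate.submit("198.51.100.2", msg, good))  # unrelated source
    t[0] = 61.0                                             # window has passed
    results.append(gate.submit("203.0.113.7", msg, good))
    return results, gate.verifications

if __name__ == "__main__":
    print(demo())
```

Only sources with a recent failure occupy memory, so the rating table itself stays bounded by the number of misbehaving sources seen within one window.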


