Shortcut digital signature verification failure
Lucky Green
shamrock at cypherpunks.to
Fri Jun 21 17:58:16 EDT 2002
Bill wrote:
> I have been thinking about how to limit denial of service
> attacks on a server which will have to verify signatures on
> certain transactions. It seems that an attacker can just
> send random (or even not so random) data for the signature
> and force the server to perform extensive processing just to
> reject the transaction.
>
> If there is a digital signature algorithm which has the
> property that most invalid signatures can be detected with a
> small amount of processing, then I can force the attacker to
> start expending his CPU to present signatures which will
> cause my server to expend it's CPU. This might result in a
> better balance between the resources needed by the attacker
> and those needed by the server.
Neat idea. So neat in fact that RSA Security has a patent on it. :-)
Sorry, I don't have the patent number handy.
--Lucky
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list