dual-use digital signature vulnerability

Amir Herzberg herzbea at macs.biu.ac.il
Thu Jul 22 07:37:35 EDT 2004


Barney Wolff wrote:
> Pardon a naive question, but shouldn't the signing algorithm allow the
> signer to add two nonces before and after the thing to be signed, and
> make the nonces part of the signature?  That would eliminate the risk
> of ever signing something exactly chosen by an attacker, or at least
> so it would seem.

Most (secure) signature schemes actually include the randomization as 
part of their process, so adding nonces to the text before signing is 
not necessary. OTOH, I don't see any problem in defining between the 
parties (in the `meta-contract` defining their use of public key 
signatures) that the signed documents are structured with a random field 
before and after the `actual contract`, as long as the fields are well 
defined.
-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & 
security)
Mirror site: http://www.mfn.org/~herzbea/
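The `meta-contract` structure Herzberg sketches above, worked through as an added example (this is not code from the message or from any standard): the signer places a random field before and after the actual contract, and the two parties agree on an exact layout so that the fields are well defined. Everything concrete here is assumed for illustration: the `SGN1` tag, the 16-byte nonce size, the length-prefixed layout, and the names `Envelope`, `SignContract`, `VerifyContract`, `NonceLen` and `Magic`. Ed25519 from Go's standard library is used only because it needs no third-party package; the point being demonstrated is the document structure and the strict verifier, not the choice of primitive.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const NonceLen = 16        // agreed size of the random fields before and after the contract (assumed)
var Magic = []byte("SGN1") // format tag; "SGN1" is a value made up for this example

// Envelope is the byte string that is actually signed, laid out as
//   Magic | len(Pre) | Pre | len(Contract) | Contract | len(Post) | Post
// with 4-byte big-endian lengths, so the contract boundaries are never ambiguous.
type Envelope struct {
	Pre, Contract, Post []byte
}

func (e Envelope) Encode() []byte {
	var buf bytes.Buffer
	buf.Write(Magic)
	for _, f := range [][]byte{e.Pre, e.Contract, e.Post} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		buf.Write(l[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

func getField(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("malformed field")
	}
	n := 4 + int(binary.BigEndian.Uint32(b))
	return b[4:n], b[n:], nil
}

// Decode parses strictly: right tag, three fields, no trailing bytes, nonces of the agreed length.
func Decode(b []byte) (e Envelope, err error) {
	if !bytes.HasPrefix(b, Magic) {
		return e, errors.New("not a contract envelope")
	}
	b = b[len(Magic):]
	for _, f := range []*[]byte{&e.Pre, &e.Contract, &e.Post} {
		if *f, b, err = getField(b); err != nil {
			return e, err
		}
	}
	if len(b) != 0 {
		return e, errors.New("trailing bytes after envelope")
	}
	if len(e.Pre) != NonceLen || len(e.Post) != NonceLen {
		return e, errors.New("random field has wrong length")
	}
	return e, nil
}

func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignContract draws both nonces itself, so the signed bytes are never exactly the bytes the other party supplied.
func SignContract(priv ed25519.PrivateKey, contract []byte) (envelope, sig []byte, err error) {
	r := make([]byte, 2*NonceLen)
	if _, err = rand.Read(r); err != nil {
		return nil, nil, err
	}
	envelope = Envelope{Pre: r[:NonceLen], Contract: contract, Post: r[NonceLen:]}.Encode()
	return envelope, ed25519.Sign(priv, envelope), nil
}

// VerifyContract accepts only a valid signature over a well-formed envelope and returns the contract it carries.
func VerifyContract(pub ed25519.PublicKey, envelope, sig []byte) ([]byte, error) {
	if !ed25519.Verify(pub, envelope, sig) {
		return nil, errors.New("bad signature")
	}
	e, err := Decode(envelope)
	if err != nil {
		return nil, err
	}
	return e.Contract, nil
}

func main() {
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	env, sig, err := SignContract(priv, []byte("Alice pays Bob 100 EUR")) // constructed sample contract
	if err != nil {
		panic(err)
	}
	contract, err := VerifyContract(pub, env, sig)
	fmt.Printf("contract=%q err=%v\n", contract, err)
}
```

The "as long as the fields are well defined" clause is what `Decode` enforces: the verifier refuses a signature over the bare contract bytes, over an envelope whose random fields are not exactly `NonceLen` long, and over an envelope with anything appended, so a signed byte string can only ever be read one way. A contract that itself happens to look like an envelope is returned as opaque bytes, not re-parsed. Run it with `go run main.go`.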