PK -> OTP?
Matt Crawford
crawdad at fnal.gov
Mon Mar 14 10:46:04 EST 2005
My educated-layman's opinion is that the following is not feasible, but
I'd be happy to be shown wrong ...

Given a closed public-key device such as a typical smart card with its
limited set of operations (chiefly "sign"), is it possible to implement
a challenge/response function such that

* Both the challenge and the response are short enough for an average
user to be willing to type them when needed.
* The challenge can be generated, and the response verified using the
cardholder's public key and a reasonable amount of computation.

My reasoning is that the full output of the signing function will
almost always be as long as the key; if only response = f(signature) is
given, with f having a range in some set of size ~ 2^32, verifying
response must be nearly as hard as brute-force guessing.

Matt Crawford <crawdad at fnal.gov>
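
The reasoning in the post, worked through as an added example that is not part of the original message: textbook RSA with a constructed toy modulus, where the verifier holds only the public key and receives a truncated response. The parameters, the function names and the choice of f (low 8 bits) are assumptions for illustration, and the verifier shown is the obvious search strategy, not a proof that no faster one exists.

```python
import hashlib

# Constructed toy parameters: textbook RSA with a ~20-bit modulus so the
# search below finishes instantly. Real card keys are 1024 bits or more.
P, Q, E = 1009, 1013, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the card
RESP_BITS = 8                        # assumed size of the typed response


def expand(challenge: str) -> int:
    """Map a short typed challenge to the integer the card signs."""
    return int.from_bytes(hashlib.sha256(challenge.encode()).digest(), "big") % N


def card_sign(m: int) -> int:
    """The card's only operation: a full-length signature."""
    return pow(m, D, N)


def f(signature: int) -> int:
    """Assumed truncation f: keep the low RESP_BITS bits of the signature."""
    return signature % (1 << RESP_BITS)


def verify_full(m: int, signature: int) -> bool:
    """Normal verification: one public-key operation."""
    return pow(signature, E, N) == m


def verify_short(m: int, response: int):
    """Verify response = f(signature) using only (N, E).

    The signature is not available, so try every value whose low bits
    match the response. Returns (accepted, candidates_tried).
    """
    tried = 0
    for candidate in range(response, N, 1 << RESP_BITS):
        tried += 1
        if pow(candidate, E, N) == m:
            return True, tried
    return False, tried


if __name__ == "__main__":
    m = expand("483915")
    sig = card_sign(m)
    print("full check:", verify_full(m, sig))
    print("short check:", verify_short(m, f(sig)))
    print("wrong response:", verify_short(m, f(sig) ^ 1))
```

Rejecting a wrong response costs this verifier every candidate, roughly N / 2^RESP_BITS public-key operations, so the work grows with the key length rather than with the response length.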