[Cryptography] Komitments
Peter Fairbrother
peter at tsto.co.uk
Wed Dec 19 06:50:08 EST 2018
On 18/12/18 19:07, Kristian Gjøsteen wrote:
> 18. des. 2018 kl. 18:06 skrev Phillip Hallam-Baker <phill at hallambaker.com>:
>> r = random (128)
>> witness= Base32t ( SHA-2-512 (s + r))
>> […]
>> I am sure this has been done before, just didn't see it in the books I looked at. Is there an obvious flaw?
>
> This is a standard construction (see Wikipedia). It can be proven secure, even under quite weak assumptions.
>
Yep.
Banks in the UK and probably elsewhere use something similar for card
transactions - the card hashes the transaction data and a secret key
kept in the card. The issuing bank knows the secret key, and redoes the
hash - if it matches, you get to keep the goods.
The link between bank and reader is encrypted (usually), but not the
link between card reader and card. This means the card only has to be
able to compute a hash, not a cipher. Which makes the cards cheaper.
(OK, OK, yes it's a little more complicated than that - but basically
that's how it works)
Peter Fairbrother
More information about the cryptography
mailing list