Merkle/Lamport signatures: Signatures from any one-way function

Slides: 18
Provided by: sukamol

Transcript and Presenter's Notes

1
Merkle/Lamport signatures: Signatures from any one-way function
2
Recall: What functions are hard?
DES/AES Stream ciphers Hash functions
RSA Factorization Discrete log
Speed action
Graphs
Size representation
3
Public key
Called Lamport signature. Problem: uses up public key!
4
Avoid using up public key
5
Avoid using up public key
6
Avoid using up public key
Longer and longer!
A Merkle signature
7
Merkle signatures with a tree
The red parts are given out to sign; green is the public key.
8
How is a signature verified?

Pair-wise hashing; compare root with known value.
9
Avoiding birthday attacks
The input to each hash step is a counter and an
identifier
10
Are all values stored?
  • We can generate leaf values on the fly by
    making the secret keys of these be outputs of a
    Pseudo Random Generator that takes as input the
    leaf position, the secret key index, and a secret
    seed.
  • (But the interior nodes cannot be generated like
    this.)

11
How to maintain the tree?
  • You can store it all (that's a lot of storage!)
  • You can compute the nodes you want when you want
    them (that's a lot of work!)
  • You can amortize the computation by storing a
    part and computing a little each time. (JLMS, S)

12
Goal and Metrics
  • Output: sequence of (leaf preimage,
    authentication path)
  • Metrics: minimize computation and storage

13
Why is this difficult?
  • The value of each interior node depends on all
    its descendants
  • A casual approach requires O(n) work to compute
    a node, where n is the number of leaves
  • or needs O(n) values to be stored
  • We want to reduce both to poly-logarithmic!
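
Added example (not from the presentation or the paper it refers to): a small Merkle tree over Lamport one-time keys, with leaf secrets regenerated from a seed as on slide 10, verification by pair-wise hashing as on slide 8, and every authentication-path node recomputed from scratch, which is the O(n) cost described above. SHA-256, HMAC-SHA256 as the PRG, the leaf/interior prefix bytes and all function names are assumptions made for this sketch.

```python
import hashlib, hmac

N = 256  # bits of message digest signed by one Lamport key

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def sk(seed, leaf, idx):
    # Secret key = PRG(leaf position, secret key index, secret seed);
    # HMAC-SHA256 stands in for the PRG (assumption).
    data = leaf.to_bytes(4, "big") + idx.to_bytes(4, "big")
    return hmac.new(seed, data, hashlib.sha256).digest()

def leaf_value(seed, leaf):
    # Leaf = hash of the Lamport public key, regenerated on the fly.
    return H(b"\x00", *(H(sk(seed, leaf, i)) for i in range(2 * N)))

def node(seed, height, index):
    # "Casual" approach: recompute every descendant, O(2**height) leaves.
    if height == 0:
        return leaf_value(seed, index)
    return H(b"\x01", node(seed, height - 1, 2 * index),
             node(seed, height - 1, 2 * index + 1))

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(N)]

def sign(seed, height, leaf, msg):
    # Each leaf may sign ONE message; the caller must never reuse a leaf.
    b = bits(msg)
    revealed = [sk(seed, leaf, 2 * i + b[i]) for i in range(N)]
    unrevealed = [H(sk(seed, leaf, 2 * i + 1 - b[i])) for i in range(N)]
    path = [node(seed, h, (leaf >> h) ^ 1) for h in range(height)]
    return leaf, revealed, unrevealed, path

def verify(root, msg, sig):
    leaf, revealed, unrevealed, path = sig
    pk = []
    for bit, r, u in zip(bits(msg), revealed, unrevealed):
        pk += [u, H(r)] if bit else [H(r), u]
    cur = H(b"\x00", *pk)
    for h, sibling in enumerate(path):  # pair-wise hashing up to the root
        right = (leaf >> h) & 1
        cur = H(b"\x01", sibling, cur) if right else H(b"\x01", cur, sibling)
    return hmac.compare_digest(cur, root)
```

The public key is `node(seed, height, 0)`; the signer must keep a record of which leaves have been used, because signing two messages with one leaf reveals enough Lamport secrets to allow forgeries.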

14
Static view of storage
Blue areas contain pebbles, storing the tree
values.
15
Dynamic view of storage
  • Existing subtrees in blue, desired subtrees in
    grey

16
Computation of desired subtrees
Blue pebbles where filled, tail hanging below.
17
Three phases
  • Key generation (other computer ok)
  • Output (by weak computer)
  • Verification (traditional)
  • For a description of the algorithm, see paper.