-----BEGIN PGP SIGNED MESSAGE-----
At 10:37 PM 7/19/00 -0400, Steven M. Bellovin wrote:
>The important thing is that the random number really has to be
>random and unguessable.
There was a clever trick for doing signatures like this without a
random number generator, using the one way hash function and the
private key only. I am away from my library right now, so I can't
look up the reference, but the gist of the idea is:
r = hash(hash(private key),hash(message))
and then expand r to the necessary length by one of the standard
mechanisms, e.g.
r0 = hash(0,r)
r1 = hash(1,r)
...
r_n = hash(n,r)
The idea is that if the hash has some nice pseudorandomness
properties and is really one-way, we get everything we need from r
(or r0,r1,...,r_n) without a random number generator.
> --Steve Bellovin
- --John Kelsey, [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
iQCVAwUBOXi8YyZv+/Ry/LrBAQG/vwP9FobkadCISdMVYvJrXyqy0wl8KUQ7tBI9
GRN65CO0AFGYj22gydrTOMvnrVYO8x126h8vhMn3lo5+gXG7XeWeCszojeoUOC57
zR2/IuYMbKTnZ9vjK9RG0OoR1lwmY12wOQjeOhELZuy+5Fc6xd9HCwpcpxG2tyUW
XDWv23YwC4k=
=g34l
-----END PGP SIGNATURE-----
