Re: [Cfrg] Request For Opinions

[Gé Weijers <Ge.Weijers@Sun.COM>]

On Mon, 5 May 2003, David Wagner wrote:

> Notice that DSA allows precomputation.  You can do most of the
> work of the signature ahead of time, before you know the message;
> basically, you create a "blank check" that can later be filled in
> with the message, and most of the work comes in creating the blank
> check (filling in the message is fast).  If you have stretches of
> quiet time punctuated by bursts of activity, you might be able to
> use the idle time for precomputation.

A scheme like GPS could be useful if the efficiency constraints are
severe. It requires only one multi-precision multiplication and no modular
arithmetic in the time-critical signing operation if you generate
use-and-throw coupons during processor idle times. DSA still requires
arithmetic modulo a 160-bit prime.

Patent caveats do apply.

Ge'

-- 
Gé Weijers                mailto:ge.weijers@sun.com
Sun Linux Security Group  Tel: (877)240-7611 x69536
Sun Microsystems, Inc.    Fax: (877)240-7611
_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg