Anonymous Credit
Ben Laurie
ben at algroup.co.uk
Tue, 04 Sep 2001 15:18:10 +0100
David Wagner wrote:
>
> Ben Laurie wrote:
> >Interesting ... this reminds me of a protocol Angelos Keromytis and I
> >were discussing recently (during IETF, in fact) to allow the efficient
> >authentication of a stream of data without having to wait for the end.
> >We feel sure this must have already been invented, but neither of us is
> >aware of any previous publication. Here it is:
> >
> >At the head of the stream, present a signature for X_0. X_0 is the hash
> >of the concenation of the first block of data and X_1. X_1 is the hash
> >of the concatenation of the second block and X_2, and so forth.
> >[...]
> >Note that this is only applicable to a stream whose contents were known
> >to the sender in advance, of course - the situation we were envisaging
> >was downloading and unpacking packages on the fly, and wanting to be
> >sure they haven't been subverted.
>
> This sounds like the scheme proposed by Rosario Gennaro and Pankaj Rohatgi
> at CRYPTO'97. See <http://citeseer.nj.nec.com/gennaro97how.html> for more.
It is indeed the "off-line" scheme they propose. Thanks for the info.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff