public key algorithm -> signature algorithm (signatures don't necessarily require trapdoor public key crypto)
[Imported from Trac: page NewMutableEncodingDesign, version 19]
davidsarah
parent
c73fd8a6eb
commit
8e076cce41
|
|
@ -160,7 +160,7 @@ The dirnode encoding would use H(writecap) to protect the child writecaps,
|
||||||
H(readcap) to protect the child readcaps, and H(traversapcap) to protect the
|
H(readcap) to protect the child readcaps, and H(traversapcap) to protect the
|
||||||
child verifycap/traversalcaps.
|
child verifycap/traversalcaps.
|
||||||
|
|
||||||
## Any public key algorithm, no semi-private keys, no traversalcap
|
## Any signature algorithm, no semi-private keys, no traversalcap
|
||||||
|
|
||||||
Without semi-private keys, we need something more complicated to protect the
|
Without semi-private keys, we need something more complicated to protect the
|
||||||
readkey: the only thing that can be mathematically derived from the writecap
|
readkey: the only thing that can be mathematically derived from the writecap
|
||||||
|
|
@ -199,7 +199,7 @@ with keys shorter than 2*K for a K-bit security level. Since we can use shorter
|
||||||
hashes than public keys, the H(pubkey) design above gives us shorter read caps,
|
hashes than public keys, the H(pubkey) design above gives us shorter read caps,
|
||||||
although they are not shorter than using semi-private keys.
|
although they are not shorter than using semi-private keys.
|
||||||
|
|
||||||
### Any public key algorithm, no semi-private keys, with traversalcap
|
### Any signature algorithm, no semi-private keys, with traversalcap
|
||||||
|
|
||||||
Since a secure pubkey identifier (either H(pubkey)[:K+T] or the original privkey)
|
Since a secure pubkey identifier (either H(pubkey)[:K+T] or the original privkey)
|
||||||
is present in all caps, it's easy to insert arbitrary intermediate levels. It
|
is present in all caps, it's easy to insert arbitrary intermediate levels. It
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue