public key algorithm -> signature algorithm (signatures don't necessarily require trapdoor public key crypto)
[Imported from Trac: page NewMutableEncodingDesign, version 19]
parent
c73fd8a6eb
commit
8e076cce41
|
@ -160,7 +160,7 @@ The dirnode encoding would use H(writecap) to protect the child writecaps,
|
|||
H(readcap) to protect the child readcaps, and H(traversapcap) to protect the
|
||||
child verifycap/traversalcaps.
|
||||
|
||||
## Any public key algorithm, no semi-private keys, no traversalcap
|
||||
## Any signature algorithm, no semi-private keys, no traversalcap
|
||||
|
||||
Without semi-private keys, we need something more complicated to protect the
|
||||
readkey: the only thing that can be mathematically derived from the writecap
|
||||
|
@ -199,7 +199,7 @@ with keys shorter than 2*K for a K-bit security level. Since we can use shorter
|
|||
hashes than public keys, the H(pubkey) design above gives us shorter read caps,
|
||||
although they are not shorter than using semi-private keys.
|
||||
|
||||
### Any public key algorithm, no semi-private keys, with traversalcap
|
||||
### Any signature algorithm, no semi-private keys, with traversalcap
|
||||
|
||||
Since a secure pubkey identifier (either H(pubkey)[:K+T] or the original privkey)
|
||||
is present in all caps, it's easy to insert arbitrary intermediate levels. It
|
||||
|
|
Loading…
Reference in a new issue