Re: Efficient Digital Signature Schemes.....

From: Paul Crowley (paul@JUNKCATCHER.ciphergoth.org)
Date: 02/22/03


Paul <dontspamme@null.org> writes:

> >Is it running on a smart card?
>
> No, it would be logging:
> GPS-based position
> altitude data (both pressure and GPS)
>
> It is a tool for recording Sailplane flights in a way that
> is secure, for FAI soaring badges, contests and even world records!
>
> The private key is stored inside a sealed unit with a barometer port
> and GPS receiver.
>
> It spits out a data record with a digital signature.
> The public key is widely distributed as a software tool,
> it must be able to verify that a data file generated by the sealed
> unit has not been modified.

How come you only need the same security as RSA-512, in that case?
The first public 512-bit factorization was completed nearly four years
ago; these days it doesn't offer that much protection. DSA is based
on a different hard problem, discrete logarithm, but it turns out that
the current best algorithm against factorisation is also the current best
against discrete log, so they're currently roughly as hard as each
other. I'd recommend at least 768 bits if you want to be secure for
just a few years.

Note also that tamper resistance/tamper evidence is Really Hard. If
you haven't read Ross Anderson's "Security Engineering", it is
*essential* that you do so.

You'll need a high-quality RNG. Look at the design of Yarrow;
obviously AES can be substituted in place of Triple-DES.

I would certainly recommend very strongly that every unit have a
different private key which it generates itself and never reveals, and
that the public key then be signed by the manufacturer along with
information about its manufacture. As I said before, group parameters
can be shared.

Incidentally, I'm sure you've thought of this, but record and sign the
raw GPS data, not the converted coordinates. That way you can correct
for ionospheric distortion by applying DGPS after the fact...

You'll still be vulnerable to attacks from GPS jammers of course.

Can I persuade you to provide a spam-trapped email address in your
.sig? I understand why you don't want to provide it where spammers
can get it, but it's polite to provide an address for humans.

-- 
  __  Paul Crowley
\/ o\ sig@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/
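The key-management scheme the post recommends (each unit generates its own private key that never leaves the sealed housing, the manufacturer signs the unit's public key together with its manufacturing information, the unit signs the raw receiver output, and the distributed checking tool trusts only the manufacturer's key) is shown below as an added example. It is not code from this thread or from any flight-recorder vendor. It uses Go's standard-library ECDSA on P-256 in place of the DSA/RSA discussed above, the `UnitCert` structure is a deliberately minimal stand-in for a real certificate format, and the serial number, build date and GPS sentence are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// UnitCert is a hypothetical minimal "unit certificate": the manufacturer's
// signature over one logger's public key plus its manufacturing information.
type UnitCert struct {
	PubKeyDER []byte // unit public key, PKIX/DER encoded
	Info      string // manufacturing info (constructed sample values below)
	Sig       []byte // manufacturer signature over certDigest(PubKeyDER, Info)
}

// certDigest hashes both certificate fields, length-prefixing the key so the
// boundary between key and info is unambiguous.
func certDigest(pub []byte, info string) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:", len(pub))
	h.Write(pub)
	h.Write([]byte(info))
	return h.Sum(nil)
}

// NewKey generates a fresh P-256 key pair. Each unit runs this once inside the
// sealed housing; the private half never leaves it.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// IssueCert is the manufacturer's step: sign the unit's public key together
// with its manufacturing information.
func IssueCert(mfr *ecdsa.PrivateKey, unitPub *ecdsa.PublicKey, info string) (UnitCert, error) {
	der, err := x509.MarshalPKIXPublicKey(unitPub)
	if err != nil {
		return UnitCert{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, mfr, certDigest(der, info))
	if err != nil {
		return UnitCert{}, err
	}
	return UnitCert{PubKeyDER: der, Info: info, Sig: sig}, nil
}

// SignRecord runs inside the unit over the raw receiver output (not converted
// coordinates, so the data can be reprocessed later) and returns the signature.
func SignRecord(unit *ecdsa.PrivateKey, raw []byte) ([]byte, error) {
	d := sha256.Sum256(raw)
	return ecdsa.SignASN1(rand.Reader, unit, d[:])
}

// Verify is the distributed checking tool. It trusts only the manufacturer's
// public key: the unit certificate must check out first, then the record.
func Verify(mfrPub *ecdsa.PublicKey, cert UnitCert, raw, sig []byte) bool {
	if !ecdsa.VerifyASN1(mfrPub, certDigest(cert.PubKeyDER, cert.Info), cert.Sig) {
		return false
	}
	k, err := x509.ParsePKIXPublicKey(cert.PubKeyDER)
	unitPub, ok := k.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return false
	}
	d := sha256.Sum256(raw)
	return ecdsa.VerifyASN1(unitPub, d[:], sig)
}

// must panics on error; used only to keep the demo short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Demo exercises the chain on constructed data and reports whether a genuine
// record, a tampered copy, and a record under a certificate the manufacturer
// never issued are accepted. Expected: true, false, false.
func Demo() (genuine, tampered, unissued bool) {
	mfr := must(NewKey())  // manufacturer's signing key
	unit := must(NewKey()) // generated inside one logger
	cert := must(IssueCert(mfr, &unit.PublicKey, "serial=FR-0001;built=2003-02-22 (constructed)"))
	raw := []byte("$GPGGA,002507,...constructed raw sentence...*00")
	sig := must(SignRecord(unit, raw))
	genuine = Verify(&mfr.PublicKey, cert, raw, sig)
	edited := append([]byte(nil), raw...)
	edited[len(edited)-1] ^= 0x01 // flip one bit of the log
	tampered = Verify(&mfr.PublicKey, cert, edited, sig)
	other := must(NewKey()) // a key the manufacturer never certified
	otherCert := must(IssueCert(other, &other.PublicKey, cert.Info))
	unissued = Verify(&mfr.PublicKey, otherCert, raw, must(SignRecord(other, raw)))
	return
}
```

The point this makes concrete is why per-unit keys plus a manufacturer signature beat a shared key: the checking tool embeds only the manufacturer's public key, so it never has to ship or update a list of unit keys, a unit whose key is extracted can be revoked individually by its serial number in `Info`, and a record under a self-made certificate is rejected at the first check before the unit key is even parsed.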

