[cryptography] Merkle Signature Scheme is the most secure signature scheme possible for general-purpose use

Marsh Ray marsh at extendedsubset.com
Fri Sep 3 15:26:21 EDT 2010


On 09/03/2010 01:22 PM, Ben Laurie wrote:
> On 03/09/2010 17:01, Marsh Ray wrote:
>> I played with some simulations with randomly-generated mappings, the
>> observed value would at times wander over 1.0 BoE/log2 N.
>
> I think when I did this, I fully enumerated the behaviour of a truncated
> hash (e.g. the first 20 bits of MD5).

I represented the mapping entirely as a table in RAM (it sure is nice 
living in the age of the 4 GB laptop). Instead of truncated MD5, I 
initialized my table from a good but non-crypto PRNG. Having it in a 
table made it practical to do many repeated applications and watch how 
the rate of entropy loss varied.

I should clean up that code and graph the output, it seemed to be making 
some interesting curves.

- Marsh



More information about the cryptography mailing list