Re: multiple digitale signatures

[Sönke Maseberg <maseberg@xxxxxxxxxxxxxxxx>]

Jim,

what I mean by proofable secure signature algorithm is a mathematical proof for its
correctness. Please show me a signature algorithm and the mathematical proof that it is
not possible
- to calculate private key from knowledge of public key,
- to calculate private key from knowledge of public key and some signatures
- to calculate private key from knowledge of public key and some signatures with the
signed document,
- to generate a valid signature from other signatures or
- to change a document without change of the signature (compromise of the hashfunction)
IMHO there is only experience that the signature algorithms are suitable for signature
creation but no proof.

Sönke


jim schrieb:

> Sonke,
>     I am not sure what you mean by proofable secure.  Please clarify.  If you mean
> that it is not by itself secure and therefore proof of its secureness cannot be
> verified after the fact, then I do understand, but if you are saying that signatures
> are inherently not able to provide proof of the authenticity of the signee, then
> that is the reason that many CP and CPSs require the use of encryption any time
> something is going to be signed.  In this manner, the encryption outer wrapping
> protects the integrity of the signature providing proofability of the authenticity
> of the signature.  IMHO, both have to be there.
> Jim
>