Is there a symmetric-key algorithm which we can use for creating a signature?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












3












$begingroup$


I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?










share|improve this question











$endgroup$
















    3












    $begingroup$


    I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?










    share|improve this question











    $endgroup$














      3












      3








      3





      $begingroup$


      I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?










      share|improve this question











      $endgroup$




      I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?







      rsa public-key signature symmetric






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Mar 16 at 22:21









      kelalaka

      8,79532351




      8,79532351










      asked Mar 16 at 16:13









      LarsusLarsus

      184




      184




















          1 Answer
          1






          active

          oldest

          votes


















          7












          $begingroup$

          Symmetric analogue of signatures.
          The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.



          Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.



          Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.



          Signatures built out of hashes.
          You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.



          In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.



          Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.



          There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.






          share|improve this answer











          $endgroup$













            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "281"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68065%2fis-there-a-symmetric-key-algorithm-which-we-can-use-for-creating-a-signature%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            7












            $begingroup$

            Symmetric analogue of signatures.
            The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.



            Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.



            Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.



            Signatures built out of hashes.
            You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.



            In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.



            Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.



            There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.






            share|improve this answer











            $endgroup$

















              7












              $begingroup$

              Symmetric analogue of signatures.
              The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.



              Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.



              Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.



              Signatures built out of hashes.
              You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.



              In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.



              Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.



              There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.






              share|improve this answer











              $endgroup$















                7












                7








                7





                $begingroup$

                Symmetric analogue of signatures.
                The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.



                Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.



                Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.



                Signatures built out of hashes.
                You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.



                In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.



                Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.



                There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.






                share|improve this answer











                $endgroup$



                Symmetric analogue of signatures.
                The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.



                Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.



                Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.



                Signatures built out of hashes.
                You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.



                In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.



                Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.



                There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Mar 17 at 17:10

























                answered Mar 16 at 16:20









                Squeamish OssifrageSqueamish Ossifrage

                22.6k132101




                22.6k132101



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Cryptography Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    Use MathJax to format equations. MathJax reference.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68065%2fis-there-a-symmetric-key-algorithm-which-we-can-use-for-creating-a-signature%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?