Is there a symmetric-key algorithm which we can use for creating a signature?
Clash Royale CLAN TAG#URR8PPP
$begingroup$
I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?
rsa public-key signature symmetric
$endgroup$
add a comment |
$begingroup$
I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?
rsa public-key signature symmetric
$endgroup$
add a comment |
$begingroup$
I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?
rsa public-key signature symmetric
$endgroup$
I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?
rsa public-key signature symmetric
rsa public-key signature symmetric
edited Mar 16 at 22:21
kelalaka
8,79532351
8,79532351
asked Mar 16 at 16:13
LarsusLarsus
184
184
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.
Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.
Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.
Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.
In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.
Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.
There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.
$endgroup$
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68065%2fis-there-a-symmetric-key-algorithm-which-we-can-use-for-creating-a-signature%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.
Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.
Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.
Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.
In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.
Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.
There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.
$endgroup$
add a comment |
$begingroup$
Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.
Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.
Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.
Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.
In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.
Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.
There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.
$endgroup$
add a comment |
$begingroup$
Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.
Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.
Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.
Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.
In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.
Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.
There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.
$endgroup$
Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.
Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.
Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.
Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.
In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.
Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.
There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.
edited Mar 17 at 17:10
answered Mar 16 at 16:20
Squeamish OssifrageSqueamish Ossifrage
22.6k132101
22.6k132101
add a comment |
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68065%2fis-there-a-symmetric-key-algorithm-which-we-can-use-for-creating-a-signature%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown