Re: Re: What the verifier can do

On Sun, 30 Apr 2006, Eric Rescorla wrote:

> (2) You have a signature algorithm with message recovery
>    (meaning that you can extract the hash from the signature).
>    Again, this is only true of RSA.

Doesn't that require public key to be able to get hash out of RSA 
signature (and in fact requires doing RSA crypto which "expensive")? 
And isn't this system working only because you're basicly using reverse
of original RSA for purposes of digital signatures?

Although I suspect for programmer optimization its not quite as bad as
I originally thought. If you have original data in "z" and you know 
something has been changed, you can in parallel do calculation of hashes 
(based on original values and if you really want of the header data
in the messge) while at the same time in paraller running decryption. 
Then in the end the values are all verified which is simple and quick 
operation. But the slowest point here is probably getting public key
from dns; it would have been possible to  optimize this 3 way-parallel 
if public key was in the signture (i.e. then do RSA crypto, do hash and 
get public key or fingerprint all at same time and then 2 comparisons of 
the results).

--
William Leibzon
Elan Networks
william@xxxxxxxx