Trjtdtk

Do I need an EFI partition for each 18.04 ubuntu I have on my HD?

Why are there no stars visible in cislunar space?

What will the Frenchman say?

What is this high flying aircraft over Pennsylvania?

Mortal danger in mid-grade literature

Is xar preinstalled on macOS?

Why is the intercept typed in as a 1 in stats packages (R, python)

Naïve RSA decryption in Python

Why is participating in the European Parliamentary elections used as a threat?

Should a narrator ever describe things based on a characters view instead of fact?

When did hardware antialiasing start being available?

PTIJ: If Haman would have fallen with no one around to hear him fall, would that still have made a sound?

Why didn't Voldemort know what Grindelwald looked like?

Recursively updating the MLE as new observations stream in

Emojional cryptic crossword

How to find the largest number(s) in a list of elements, possibly non-unique?

PTIJ: Which Dr. Seuss books should one obtain?

Exposing a company lying about themselves in a tightly knit industry (videogames) : Is my career at risk on the long run?

Air travel with refrigerated insulin

How do you justify more code being written by following clean code practices?

Do native speakers use "ultima" and "proxima" frequently in spoken English?

What kind of footwear is suitable for walking in micro gravity environment?

Magento 2: Make category field required in product form in backend

Data prepration for logistic regression : Value either "not available" or a "year"

Is there a symmetric-key algorithm which we can use for creating a signature?

Digital Signature using symmetric key cryptographyUse of ElGamal encryption for signature generationIs there a multiple asymmetric encryption algorithm, which requires all private keys to reveal the secret?Is there an asymmetric algorithm that can perform double encryption?Do key collisions for symmetric ciphers exist?Public key encryption algorithm for short messagesHow to correctly use RSA for digital signature with hashing?Value of new symmetric key algorithmIs there a complete list of Signature Algorithm names?Can a TLS certificate using ECC secp384r1 as PK algorithm uses RSA for signature

3

$begingroup$

I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?

rsa public-key signature symmetric

share|improve this question

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

3

$begingroup$

I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?

rsa public-key signature symmetric

share|improve this question

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

$begingroup$

I know that in the asymmetric-key algorithm the RSA signature exists but what about the symmetrical ones?

rsa public-key signature symmetric

share|improve this question

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

share|improve this question

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 2 days ago

kelalaka

8,44322351

edited 2 days ago

kelalaka

8,44322351

asked 2 days ago

LarsusLarsus

184

New contributor

Larsus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 2 days ago

LarsusLarsus

184

1 Answer
1

active

oldest

votes

7

$begingroup$

Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.

Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.

Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.

Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.

In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.

Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.

There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.

share|improve this answer

edited yesterday

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

$endgroup$

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Larsus is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68065%2fis-there-a-symmetric-key-algorithm-which-we-can-use-for-creating-a-signature%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

7

$begingroup$

Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.

Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.

Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.

Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.

In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.

Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.

There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.

share|improve this answer

edited yesterday

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

$endgroup$

add a comment | 

7

$begingroup$

Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.

Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.

Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.

Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.

In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.

Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.

There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.

share|improve this answer

edited yesterday

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

$endgroup$

add a comment | 

$begingroup$

Symmetric analogue of signatures.
The symmetric analogue of a signature is variously called a message authentication code, MAC, or authenticator. The same key is used to create and verify authentication tags on messages.

Consequently, unlike signatures, third parties can't meaningfully verify MACs: if Alice sends a message with a MAC to Bob, Bob can't use the MAC to persuade Charlie that Alice sent the message because Bob could have created the MAC too.

Typical examples include HMAC-SHA256, keyed BLAKE2, KMAC128, AES-GMAC (which requires a distinct nonce for each message), and Poly1305 (which alone can be used only for one message per key). Authenticators are often combined with ciphers to make authenticated ciphers like crypto_secretbox_xsalsa20poly1305 or AES-GCM, which simultaneously prevent eavesdropping and forgery.

Signatures built out of hashes.
You can also make a public-key signature scheme out of a collision-resistant hash function $H$, like SHA-256.

In the traditional one-time signature scheme of Lamport, you randomly generate a collection of 512 bit strings $x_0,0, x_0,1, dots, x_0,255; x_1,0, x_1,1, dots, x_1,255$, and publish $y_b,i = H(x_b,i)$ as your public key. To sign the message $m$, let $b_i$ be the $i^mathitth$ bit of $H(m)$; the signature is $x_b_0,0, x_b_1,1, dots, x_b_255,255$—that is, you reveal $x_0,i$ if the $i^mathitth$ bit of $H(m)$ was zero, and $x_1,i$ if the $i^mathitth$ bit was one. Anyone can verify this using your public key by checking whether $y_b_i,i = H(x_b_i,i)$, but only you knew the preimages $x_b_i,i$ in advance.

Modern variants like SPHINCS extend this idea to many messages, and eliminate the need for collision resistance of $H$ in order to go faster.

There's no symmetric keys here but sometimes hashes are considered to fall into symmetric-key cryptography, since, e.g., the function $k mapsto operatornameAES_k(0)$ is supposed to be an irreversible hash.

share|improve this answer

edited yesterday

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

$endgroup$

share|improve this answer

edited yesterday

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188

answered 2 days ago

Squeamish OssifrageSqueamish Ossifrage

20.4k13188