Seth Schoen's Hard to Verify Signatures

John Kelsey kelsey.j at
Wed Sep 8 13:36:52 PDT 2004

>From: "\"Hal Finney\"" <hal at>
>Sent: Sep 8, 2004 2:48 PM
>To: cypherpunks at
>Subject: Seth Schoen's Hard to Verify Signatures

>The method Seth describes is to include a random value in the signature
>but not to include it in the message.  He shows a sample signature
>with 3 decimal digits hidden.  The only way to verify it is to try all
>possibilities for the random values.  By controlling how much data is
>hidden in this way, the signer can control how long it will take to
>verify the signature.

I've seen this described in a paper by Abadi, Lomas & Needham as an alternative to a high iteration count for password hashing.  

>Hal Finney

--John Kelsey

More information about the cypherpunks-legacy mailing list