Jump to content

Talk:Public-key cryptography/Archive 2

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Archive 1Archive 2

Proposal for New Parent Article (Asymmetric Encryption) and Subsequent Merger of this Article (Public-key cryptography) into New Parent Article

Ok, as far as I understand it (I'm currently behind a whitelist and unable to access verification but I can do this later today), Public-key cryptography is NOT the same as Asymmetric encryption, but rather is worked example of aspects of Asymmetric encryption in use practically. The reason I bring this up is that Asymmetric encryption currently redirects to here. This is grossly incorrect and the complete lack of a parent article on Asymmetric encryption as a form of encryption in it's entirety is rather disturbing to say the least considering it's widespread perpetuation through IT. I propose that Asymmetric encryption be come an article in it's own right and that Public-key cryptography be merged into said article as either a child article of the new parent or as a section of the new article functioning as an in-depth worked example of practical application of Asymmetric encryption. This ensures that Wikipedia effectively and efficiently covers the field by defining and explaining the top-level algorithm itself and then goes on to provide further knowledge by providing real-world examples of the algorithm in use, such as Public-key cryptography. This is a much more logical heirarchy of the article and it's non-existant parent in the scheme of things in this field, in my opinion. Terkaal (talk) 07:06, 20 February 2012 (UTC)

Read through the older revisions of this talk page to see if the point had been raised before, it was interesting to see that it had been but yet alarming to see the response to it. In the past where this was raised, at a point where an article concerning Asymmetric encryption did indeed exist, the agreed upon course of action was to wipe clean that article and have serve as a simple redirector to Public-key cryptography. Excuse my tone here for a second but, WHAT O_O!?. The argument used was that Public-key cryptography used aspects of Asymmetric encryption as well as other systems to achieve it's intended purpose. Alright, that's great. Now what I can't get my head around is how that somehow justified eliminating the entire article (despite there are other systems which are not Public-key cryptography) and repurposing it into a sign reading "Here, check out Public-key cryptography instead. It's not the same thing as what you searched for, you'd fail the CompTIA Security+ exam if you sat under the impression it was, and it doesn't even use all the aspects of what you searched for, but we think you'll like it anyway.". To the average user, and perhaps a tad higher than that too, this can easily confuse them into thinking they are one and the same thing. Is there some sort of bias going on here or a conflict of interests? Since this article and the philosophy of those who are contributing to it overall seem to be resembling that of a forum community defending their favourite anime rather than a group of users aiming to make a fair, balanced and accurate digital encyclopedia for the masses. I appreciate that may have been a bit harsh, but if you can look past the use of creative prose here, I think the point I'm trying to make is worthy of some review. Terkaal (talk) 07:26, 20 February 2012 (UTC)

I trust you'll agree that public-key cryptography is a subset of asymmetric cryptography. The question for me is are these distinct. What is asymmetric but not public-key? Skippydo (talk) 05:33, 23 February 2012 (UTC)

Well I wouldn't so much as say PK-Cryptography is a subset of asymmetric cryptography, but rather that it is based on the approach taken towards encryption as defined by asymmetric cryptography.

Asymmetric Cryptography in the simplest of terms is that data to be encrypted is done so with two keys, one used to encrypt and one used to decrypt. The key used to encrypt, cannot be used to decrypt and vice versa. Two or more non-symmetrical keys. That's it.

As for what is done with these keys and and the data is then a case of how a particular method chooses to best utilise these two keys. Public-Key Cryptography is the most common implementation of the Asymmetric foundation but that's not to say that makes the two one and the same.

For an analogy, look at synchronous transmission and phone calls. A telecommunication through a phone uses synchronous transmission and (incoming opinion) I would probably say that the most common usage of synchronous transmission is a phone call, this does not however make synchronous transmission a phone call and nor does it make a phone call synchronous transmission (You don't see girls saying "Hey, here's my number, send me a Synchronous Transmission some time" after all).

That's the point I'm trying to make, yes Public Key Cryptography is the most common implementation of the asymmetrical approach towards encryption and decryption, yes the entirety of Asymmetrical Cryptography is the cornerstone foundation of Public Key Cryptography, but this does not make them one and the same.

Now I do understand that in the field of cryptography and between those knowledgable in the field, that the two are treated and referred to as being one and the same for effecive purposes, but Wikipedia is a neutral encyclopedia aiming to be informative on collective knowledge and part of that means taking a logical approach towards it's heirarchy.

I would support a mention clarifying that the two are commonly accepted as being the same thing due to the near exclusive manifestation being public-key cryptography, but again, just because the democratic majority holds the opinion to merge the two, doesn't contest with the fact that the two are logically seperate, but being built upon for use in the case of Public Key Cryptography.

In it's present state, this merge is very confusing to those learning the area or doing research, a senior trainer and I had to spend a good 2 hours trying to wean out the opinion that they are logically the same from a class of students studying IT the other day entirely because of this article. I can only imagine this as not an exclusive case. Terkaal (talk) 07:45, 23 February 2012 (UTC)

I was hoping for a more concise answer. I'm trying to fill a Venn diagram of public-key and asymmetric cryptography with examples. What is an example of a scheme which is asymmetric but not public-key? What is an example of a scheme which is public-key but not asymmetric? Skippydo (talk) 18:06, 23 February 2012 (UTC)

My appologies for the rather long response there, Without going into personal details as to why, in the context of logical discussion involving thought and ongoing analysis, I find I am only able to do so while bringing forward the entirety of my logical process in the context of the current point, query or idea. Now, on point...

Well answering that question entirely is not possible because of a fundemental difference in what the two are. Asymmetric Encryption, is simply an approach towards encryption through use of 2 or more keys to perform seperate tasks, it doesn't have to be be one to encrypt or one to decrypt, even if you had multiple keys to perform encryption through a segmented sequence, that's assymmetric encryption, the data has been encrypted and multiple keys were used to perform the encryption, decryption doesn't even come into the picture here unless we're looking at then communicating the data or reverting back to the state pre-encryption. Of course it seems totally non-sensical that you would ever want to encrypt data without ever considering decrypting it but for the sake of painting the picture, if encryption has been performed with 2 or more keys which are non identical, that fits the logical critera as per the definition of the prefix'd word "As-Symmetric" while also fitting the criteria of being encrypted.

Now say, we want to actually make use of this now encrypted data, of course we're going to need to be able to decrypt it using a key, which must not be identical to any of the keys used in the encryption or decryption process in order to remain asymmetrical. We might use 1 or more non-identical keys purposed for decryption which would be provided to any application, individual, hardware or whatever may wish to decrypt data, which would make it public-key cryptography. Then again at the same time we might have a theoretical dedicated cryptoprocessor which may encrypt data and decrypt data with different keys but at no point share any of these keys outside of the dedicated cryptographic process, thus protecting against cold boot attacks as an example. Or then again another theoretical machine which would encrypt data using one key but then treat the data in a polymorphic fashion while not providing a key to decrypt, if the same machine were to then decrypt the data, it would be required to calculate a fitting key in reverse from the encrypted data at the current time, thus producing a key to decrypt the data which is again asymmetrical but not public key.

As for Public Key but not Asymmetrical, that doesn't work. Public-Key is an approach to utilising Asymmetrical Cryptography Theory in a practical application. Thermal Radiators provide heat through convection, convection being a theory, a Thermal Radiator being a practical application of the theory of convection. Public-Key Cryptography utilises Asymmetrical Cryptography, providing encryption and decryption through practical application of the theory of Asymmetrical Cryptography. Just as a Thermal Radiator is fundementally application of convection, convection is not a Thermal Radiator, we can say Public-key Cryptography is at it's fundementals an application of the theory of Asmmetrical Cryptography, The theory of Asymmetrical Cryptography is not Public-key Cryptography.

Asymmetrical Cryptography is mathematical theory. Public-key Cryptography is real world practical application of this mathematical theory, albiet the most common and possibly the only to date application of this mathematical theory.

What I'm questioning here, is it is appropiate to unify the theory and a specific application of the theory, on the basis that no additional applications of said theory have either been developed and put in use, or have yet to gain significant percentage to be recognised.

At most, it might be appropiate to declare Public-key Cryptography as being the real world application of the theory, exlusive, primary or even most common, but not to write off asymmetrical encryption's identity as a mathematical theory.

At it's fundementals, the objection I raise is one based upon a question of logic, rather than validity of existing data. If there's anything you'd like me to develop upon here logically, please do ask and I'll happily enter further discussion. Terkaal (talk) 05:19, 26 February 2012 (UTC)

None of this addresses my question so let me try a different approach. Can you point to where in scholarship the distinction between these two things are made? I just need a title, author, and journal, no essay required. Skippydo (talk) 05:38, 26 February 2012 (UTC)

That's all you wanted? Why didn't you say so in the first place ^^ Sure, I'll look up some acredited evidence in a few hours once I'm done with some work I have on my hands. In the mean time however, till I can get access to such information, take a look at the History section here which shows what I mean in itself. The research was going into finding a system in which information could be encrypted but decrypted from a seperate key, if what I am to understand from the history section here is correct, then it makes it clear that the concept of using one such key as a shared key was an inherently obvious but entirely seperate concept from the initial writings on using multiple and different keys to perform encryption and decryption, albiet inspired by writings on shared keys. Terkaal (talk) 09:21, 26 February 2012 (UTC)

I'm not aware of sources that find it important to distinguish asymmetric-key cryptography and public-key cryptography. On the other hand a reputable source that does not distinguish between the two terms is the Handbook of applied cryptography by Menezies, van Oorshot and Vanstone. Figure 1.1 (page 5): A taxonomy of cryptographic primitives uses the terms "symmetric-key primitives" and "public-key primitives" side by side and there is no category of primitives in between them. Hence I see no reason for wikipedia to add such a category. 178.195.230.127 (talk) 05:46, 7 March 2012 (UTC)

This entry should reference the Lucas-based public-key and other algorithms, which are listed as Applications of the Lucas sequences Wikipedia entry. Peter Smith.118.92.203.118 (talk) 10:17, 17 March 2013 (UTC)

Encryption flow chart diagram doesn't match article text

The second encryption flow chart diagram ("I will pay $500") does not match the article text.

The diagram shows the private key used for encryption and public key used for decryption. However the article says the opposite: public key is used for encryption and private key for decryption.

The article says: "The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to its proprietor", also "a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key". Either the article or diagram need changing. I assume the diagram is wrong. Someone with expertise in this area needs to validate this and make the change. Joema (talk) 15:16, 10 April 2013 (UTC) joema

The diagram is wrong, i've removed it. Skippydo (talk) 03:23, 11 April 2013 (UTC)

Readers questions (Concepts that could use some clarification from contributors)

1. The article might be improved for a general audience by a single first sentence that states the goal of this technology, -the problem it is trying to solve, using specific but self contained language. For example, "The purpose of encryption is to sent a message from a sender to a receiver with only the receiver being able to read the contents." -perhaps this is wrong, but you get the idea. Some of us are not exactly sure since this is not our field.

2. Does this technology require that the sender and receiver already be in possession of the public and private keys? Or does this term and this discussion cover how that happens. It should be emphasized that the security arises more from how the two keys are created and securely delivered to each party, if that's true. The article could be improved by separating the discussion of how the keys are used to achieve encryption, from where they come from and how they are secured between the sender and receiver. :

3. It is not clear why one key is generated from the other, if the the math used to do so is chosen specifically to leave an untraceable link between the two keys. (why not used two really unrelated keys?) — Preceding unsigned comment added by Sharesmart (talkcontribs) 15:15, 14 January 2014 (UTC)

Actual Algorithm, simple example

such a long distracting article, and no algorithm So I'll just put this here. Learn by Example!

  • All integers.
  • 2 facilitating numbers are to be calculated in order to find the encrypt/decrypt keys. lets call them m,n
  • message=6;

(1) choose two prime numbers (preferably huge)

11,23

(2) define n=11*23

           =253

(3) find this multiplier 10,22 ==> m = 220

(4) find encryption key

   lowest non element in 220....==>3

(5) Encrypted message= 6^3 mod 253= 216

(6) find Decryption Key lowest value possible so that (220*value +1)/3 is integer; because (220*2+1)/3= 441 / 3 ==> 147

(7) Decrypt (encrypted message , decryption key)

    216^147 mod 253 =....= 6

--Namaste@? 00:04, 18 November 2013 (UTC)

Your example is an example of the RSA algorithm, which is linked from this article. Since public key cryptography is about the general concept rather than RSA specifically and covers many different algorithms, it would be inappropriate to include that here. An equivalent example is in the linked article for that specific algorithm. —Quondum 00:25, 18 November 2013 (UTC)
Quondum, I couldn't disagree more...you're seriously claiming that an example exists which is both general and specific?? Or are you claiming that examples are inappropriate? This article suffers from a severe case of pomposity which makes it very difficult for someone who doesn't already understand the subject to learn anything. I agree with Diza, a simple example SHOULD be included, and a section titled "Examples" should OBVIOUSLY contain one or more (simple) examples - NOT links to other articles. A list of links is not "Examples" it is References or Reference Examples.Abitslow (talk) 17:26, 18 May 2014 (UTC)
The suggested example illustrates only the operation used in the RSA algorithm, and not the concept of public key cryptography, aside from the fact that encryption and decryption use a different key (which in itself is not a defining characteristic). The crucial aspect of public key cryptography is a one-way function, and the one-wayness is not illustrated by this example. In short, the example does not reasonably illustrate anything that the article is primarily about. This is adequately explained there, and linking to it is sufficient for those who want it – after all, WP is structured as a richly linked medium. Including the example would be undue clutter for the majority who use WP for what it is intended: a reference. In an article about multiplication, one does not give a simple example of addition (e.g. 1 + 1 = 2), one leaves that to the article on addition, and links to it, even though multiplication is built upon addition. An encyclopaedia is a reference, not a textbook. —Quondum 19:08, 18 May 2014 (UTC)

Term "digital envelope" used incorrectly/ambiguously in section Practical considerations

The term "digital envelope" usually refers to the concept of key encapsulation (e.g. encrypting a fresh symmetric key with the public key of the recipient, using the fresh symmetric key to encrypt the content), see for example http://www.ietf.org/rfc/rfc5083.txt or http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/what-is-a-digital-envelope.htm

This is not the way the term is used in the section Practical considerations in this article. — Preceding unsigned comment added by XSfDFaI (talkcontribs) 15:15, 31 Jan 2015 (UTC)

The whole section "Practical considerations" seems to use non-standard, possibly outdated terminology. Calling digital signatures "inverse PKE" advances the mistaken notion that signatures are just PKE schemes where the private key is used to encrypt. Google turns up no sources for this terminology and I suggest rewriting this whole section to cover the use of hybrid encryption without introducing these questionable terms. --MarioS (talk) 10:32, 6 April 2015 (UTC)

Intro to Article needs some editing

I would do it myself but I know enough about public key technology to know how complex it is and that's about it, I'm not enough of a security guy to take a shot at editing this. But the intro doesn't correspond to Wiki standards. Articles are supposed to start with the name of the article in bold at the beginning. Also, the name of the article is Public-Key cryptography but the intro starts off talking about "asymetric" which is confusing to users. Either the article should be changed to be about assymetric algorithms or there should be an intro sentence that says something like "also known as asymetric algorithms because... The second one would be my suggestion. --MadScientistX11 (talk) 19:53, 28 April 2014 (UTC)

Related to this is the paragraph in the lead about "Because of the computational complexity of asymmetric encryption, it is typically only used for short messages, typically the transfer of a symmetric encryption key." That was both a surprise to me and is not supported by either citations nor the body of the article. --Marc Kupper|talk 21:25, 3 December 2015 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Public-key cryptography. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

checkY An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 08:12, 12 April 2016 (UTC)


I've reviewed this change. The link is working. CheCheDaWaff (talk) 12:00, 13 April 2016 (UTC)

Digital signature is not ‘encryption with the private key’

The opening paragraph about signature schemes explains that digital signature is ‘encryption of a message digest with the private key’:

Message authentication involves hashing the message to produce a "digest," and encrypting the digest with the private key to produce a digital signature.

This is wrong on multiple levels.

  1. The only signature schemes where this is close to the truth are RSA-based ones. But the RSA private key operation, computing cube roots, or roots, modulo , is not encryption—it is just the private key operation, used differently in encryption schemes and in signature schemes. You can't take an RSA-based encryption scheme, such as RSAES-OAEP[1], exchange the public and private exponents, and get a signature scheme, any more than you can take an RSA-based signature scheme and make a secure encryption scheme. Other schemes, such as Victor Shoup's RSA-based encryption where the sender generates , computes , symmetrically encrypts a message with secret key , and then transmits , are even further from the design of a signature scheme.
  2. Even if you had an older RSA-based signature scheme that were more similar to a corresponding RSA-based encryption scheme, talk of ‘encryption with the private key’ encourages users to actually reuse key material between different applications, which leads to attacks such as Bleichenbacher's, enabling a decryption oracle to serve as a signature oracle or vice versa.
  3. The vast majority of signature schemes are not even this vaguely related to encryption schemes at all. For example, in EdDSA[2] with base point , a signature under public key on a message is a pair of a curve point and a natural number such that . (The signer, who knows the such that , computes , , and ; then ) There is nothing resembling ‘encryption with a private key’ or ‘decryption with a public key’ here.
  4. Only some signature schemes use a fixed message digest , e.g. MD5. These schemes are broken by collisions in —which has been well-documented to have been exploited for international industrial sabotage, by the Flame malware. Others, such as EdDSA, do not use a fixed message digest: an attacker cannot compute up front in order to search through possible values of for collisions.

These technical details may be inconsequential to the layman, but—aside from the confusion that the idea of ‘encryption with the private key’ tends to yield among a lay audience—the misconceptions that this article suggests lead newcomers to cryptography to dangerously wrong conclusions that may later entail major diplomatic incidents. I have seen even people who are likely to be judged experts in the field led astray by this confusion of ideas. So, after another novice asked a confused question arising from this article, I rewrote the paragraph to explain what meaningful properties a signature scheme would entail:

In a public key signature system, a person can combine a message with a private key to create a short digital signature on the message. Anyone with the corresponding public key can combine a message, a putative digital signature on it, and a known public key to verify whether the signature was valid—made by the owner of the corresponding private key. Changing the message, even replacing a single letter, will cause verification to fail: in a secure signature system, it is computationally infeasible for anyone who does not know the private key to deduce it from the public key or from any number of signatures, or to find a valid signature on any message for which a signature has not hitherto been seen. Thus the authenticity of a message can be demonstrated by the signature, provided the owner of the private key keeps the private key secret.

This edit was reverted. What do I need to do to persuade the Wikipedians watching this page to let this edit stand?

You make a compelling argument that this section should be changed. I reverted because I saw that several citations had been removed, but this may have been a mistake on my part as closer examination shows that they weren't germane to the central argument. To directly answer your question, the way to a Wikipedian's heart is to provide citations. In this case, because the section is in the introduction, citations would not be needed here provided there was an expanded treatment of the material in the body of the article that was fully backed up with reliable secondary sources. This reliance on secondary sources does imply that Wikipedia articles will never be at the cutting edge of technology; but this is a price that the community has decided it is willing to pay. --Bill Cherowitzo (talk) 05:59, 15 November 2016 (UTC)

So would you like to see citations in this paragraph, or is it OK as is on reflection? The body of the article is a bit voluminous for me to be comfortable reworking it—but I expect most readers won't go much past the opening paragraph, so I think what that says is more important. The Digital signatures article needs a lot of work too but generally reflects what my rewrite of the opening paragraph says. If you do want citations, how would you feel about these citations?[3][4]

Under the generalization that more citations can never hurt, I would put them in (they are fine in my opinion). If, and when, the treatment of digital signatures in this article gets expanded the issue can be looked at again and the references moved if that makes sense. Thanks for the work that you have put into this.--Bill Cherowitzo (talk) 17:25, 15 November 2016 (UTC)

OK, thanks. I've reapplied the change, with the citations added.

Hyphenation of the compound adjective formed by the words "public key"

Is there any reason why the use of the compound adjective "public key" isn't hyphenated in the article body when it leads a noun that it's modifying? The article title (and instances in the "Notes" and "References" sections) has the correct hyphenation (namely, public-key cryptography) whereas every instance in the article text is [incorrectly] devoid of a hyphen. --Jhfrontz (talk) 02:23, 12 May 2017 (UTC)

Physical keys are a bad metaphor

"There's one key to lock the box. And a different key to unlock it. And the message is the box."

Maybe magic wands would be more apt? — Preceding unsigned comment added by 107.199.201.225 (talk) 05:07, 8 October 2014 (UTC)

How about an open padlock for the public key, since anyone you give it to can lock a message for your key to open? (The analogy's not perfect in the case of reusable keys, since you probably can't copy a padlock without being able to make a key for it, but it's better.) NeonMerlin 15:12, 24 June 2015 (UTC)
PKI is an entire system (infrastructure"), not just a device. The postal system might be a better analogy. Once you address a letter to me, seal the envelope, and put it into the system, the content is secure until it is delivered to me and I open it. Access to my mailbox is secure and publicly available from remote locations for anyone in the world to mail to me. That is security because the system releases control of the letter only when it is in my control. The postal system does not have authentication. But if it did, the service would require your ID when you mail a letter. I could be assured at my end when I received a letter "from" you that it really had been mailed by you. The only authentication I have these days is your signature on the same sheet of paper (or within the same envelope) indicating your hand has originated the sending. Grammar'sLittleHelper (talk) 08:36, 25 June 2015 (UTC)
@NeonMerlin: I think that is an excellent analogy. It makes it perfectly obvious why no one has to share their secret keys! (It also hints at the relationship between public-key encryption and one-way functions.) You should make the change. Norbornene (talk) 14:28, 10 September 2017 (UTC)

Security Section Needs Citations

The entire section has no inline citations, especially this sentence:

To achieve both authentication and confidentiality, the sender should include the recipient's name in the message, sign it using his private key, and then encrypt both the message and the signature using the recipient's public key.

It is not clear what adding the recipient's name achieves.

Furthermore under RSA, this "sign-then-encrypt" pattern does not seem possible given the length limitations imposed on the data that can be encrypted (e.g. with 2048-bit RSA the signature alone would be 2048-bits, already exceeding the allowed space for a payload which is always less than the 2048 bits because padding must be included). Am I missing something here? — Preceding unsigned comment added by 197.215.243.110 (talk) 04:20, 17 October 2017 (UTC)

Non-standard use of the word "combined" confusing

First line 5th paragraph -

"In a public key signature system, a person can combine a message with a private key to create a short digital ..."

and subsequent usages. I have spent in the last 3 days about 10 hours trying to learn the concepts, nomenclature and digital entities underlying daily use of paired-key encryption. Nowhere have I found the word "combined" applied to any PKI method. Thus I don't have a clue what the above sentence means - the meaning of the word "combined" in this use case is unknown to me.

I am sorry, but I cannot offer any specific rephrasing or improvements to this article because I have not yet properly understood the subject myself. My credentials regarding this article are limited to having a college degree and 30 years experience setting up dozens end user computer systems. I have written half dozen user manuals for corporate computer systems and one for a course on Quicken taught nationwide at senior centers. I believe I _am_ qualified to say that this article is confusing, potentially very much so.

As a general recommendation: Utilize standard English in a manner such that one and only one word is used to reference a particular entity, method or concept AND that word is used with the same meaning as most accepted current texts. When attempting to teach a complex subject it is extremely counterproductive to use (even slightly) different words or phrases to reference the same thing within the curriculum. Aligning the local nomenclature with public common usage on a topic is also important and necessary.

In other words: Consistency, consistency, consistency. The topic itself is so challenging that it's imperative to remove as many other impediments to learning as we can. In this case, the richness of language which allows many different ways of expressing the same thing embodies a severe handicap to learning. Less (a limited vocabulary)is more (understandable), in the case of written learning material. — Preceding unsigned comment added by Rlaggren (talkcontribs) 17:39, 13 January 2018 (UTC)

  1. ^ J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. doi:10.17487/RFC3447. RFC 3447.
  2. ^ "High-speed high-security signatures". Journal of Cryptographic Engineering. 2 (77): 77–89. 2011-09-26. doi:10.1007/s13389-012-0027-1. Retrieved 2016-11-14. {{cite journal}}: Unknown parameter |authors= ignored (help)
  3. ^ "11: Digital Signatures". Handbook of Applied Cryptography. CRC Press. October 1996. ISBN 0-8493-8523-7. Retrieved 2016-11-14. {{cite book}}: External link in |chapterurl= (help); Unknown parameter |authors= ignored (help); Unknown parameter |chapterurl= ignored (|chapter-url= suggested) (help)
  4. ^ Daniel J. Bernstein (2008-05-01). "Protecting communications against forgery" (PDF). Algorithmic Number Theory. 44. MSRI Publications. §5: Public-key signatures, pp. 543–545. Retrieved 2016-11-14.{{cite journal}}: CS1 maint: date and year (link)