Information Technology Reference
In-Depth Information
(N.B. on December 3, 2003, the 174 digit (576 bit) RSA Challenge Number has
been factored [12], whereas the next challenge, a 193 digit (640 bit) number has
not been factored yet [13]).
Pseudonyms may be analyzed (and classified) according to the following cri-
teria:
-
Involved mechanisms (e.g. symmetric/asymmetric encryption, hash-function,
MAC or digital signature)
-
Pre-computation (Are pre-computations possible? Which values may be pre-
computed?)
-
Generation efforts (Which values have to be calculated at the time, the
pseudonym is generated?)
-
Length of pseudonym
-
Proof of ownership (with or without disclosure)
-
Disclosure (local/global, Key Escrow)
-
Security (forging of pseudonyms, non-repudiation)
The last three points have been discussed in previous sections of this paper.
Now we would like to analyze the length of the proposed pseudonyms and the
(pre-)computation efforts.
Pseudonym:
P
=E
e
(
UID
n
Involved Mechanisms:
asymmetric encryption (here RSA)
Pre-computations:
e
,
d
,and
n
.
Generation Efforts:
Needs one asymmetric encryption. This may be done in
advance as well, if the pseudonym does not contain any data concerning the
application which requests the pseudonyms (e.g. the application identifier
AID
).
Length:
||
AID
||
PAD
)
||
e
||
is the block-length of the
cipher (which is equal to the length of the modulus
n
)and
|
P
|
=
|
n
|
+
|
e
|
+
|
n
|
=2
|
n
|
+
|
e
|
,where
|
n
|
|
e
|
is the length
of the public exponent.
A variant of the proposed scheme uses a common public exponent
e
for all
users of the system. Hence, there is no need to include
e
in the pseudonym, and
the modified pseudonym results in
P
=E
e
(
UID
)
n
. The bit-length of this type
of pseudonyms is only slightly smaller than the length above (N.B.
e
will be
most commonly some small number, like 3, 17 or 2
16
+1).
||
7
Resumee, Problems, Extensions and Future Research
In this paper we presented a scheme for generating digital pseudonyms, which
does not apply any centralized issuers or any online-communications between
issuers. The holder of the pseudonym can generate his pseudonym locally in his
personal security environment (e.g. in his smart card or his personal digital assis-
tant). The proposed method generates unique and nevertheless highly random
pseudonyms in a distributed environment and with considerable computation
