4

I'm looking to create a licensing system, and I need a serial generation scheme. I want to sign some data with a private key and verify it with a public key embedded in the software.

I don't need something that is easily typable, only easily copyable. The shortest I've gotten to is 56 base64 characters using DSA signing.

Can I get a shorter key? Functionality here is much more important than security, though it needs to be non-trivial.

Luc
Ziv

2 Answers

1

BLS is the traditional scheme for your situation. This paper gives two potential alternatives, "Very Short Weakly Secure Signatures" and "Concrete Short Hash-Signature Scheme with Random Oracles". However, this paper gives an attack on the former alternative for most groups which becomes significantly faster than solving discrete log to get the private key when a significant number of signatures are available.

0

If it needs to be non-trivial you could:

  • if you have an Internet connection, create an online service which takes a short random token and returns a larger signed key (and it's up to you to decide if you want this to behave in a one-shot manner or not)

  • if you do not have an Internet connection, you could relax the requirements slightly and create a signature internally based on a second piece of information (a username or hardware ID) and then have your registration key simply be randomly selected characters from said key or simply a checksum of it. (Really, any attacker which has access to the internals of your device to the point where they can generate your key can also simply nop out any licence checks.)

Damian Nikodem
  • I won't always have an internet connection. If I use only a piece of the signature, how can it be verified? I don't understand, do you want me to simply send parts of the string? – Ziv Mar 19 '15 at 11:07
  • You will have data which includes items such as a username, expiration of licence, etc. You will need to have the signature generated inside your licence activation system (which means you will have to ship with a private key) and then simply sign the data inside the package and compare the key. This can be your 'offline' activation code. In the event that an internet connection is acquired, you can use a second keypair (of which the private key is actually private) to verify that the user is not running a crack. – Damian Nikodem Mar 19 '15 at 11:20
  • While the 'offline' method is less than ideal, it allows for the loss of an internet connection. It does reduce entropy and allows someone to disassemble the software to gain access to the private key stored inside; the idea is that if someone is sophisticated enough to do so, they are also sophisticated enough to bypass the licence system anyway. – Damian Nikodem Mar 19 '15 at 11:22
  • So, it's basically symmetrical encryption of some shared known data? Or using a shared known key? – Ziv Mar 19 '15 at 11:47
  • @Ziv yep, for offline use, if you want to keep the key short then it's your only real option (unless you have a license code which can self-verify in a similar manner to a credit card number). Unfortunately both are susceptible to decompilation to produce a key generator. I would strongly recommend that in the event your application can hit the internet it should attempt to authenticate with a stronger mechanism and manage tampering seriously (e.g. shut down without save, etc.), since circumvention of that would require patching the binary. – Damian Nikodem Mar 19 '15 at 11:56
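
The offline scheme discussed in the second answer and its comments (a keyed checksum over the licence data, truncated to keep the code short), as an added example that is not from the original posts. The key, the field layout and the 80-bit tag length are assumptions; because the key ships in the binary, this is a shared-key MAC rather than a public-key signature.

```python
import base64
import datetime
import hashlib
import hmac

# Constructed demo key. In the offline scheme it ships inside the binary, so
# anyone who extracts it can mint codes (the keygen risk noted in the comments).
EMBEDDED_KEY = b"constructed-demo-key-not-a-real-secret"
TAG_BYTES = 10  # assumed length: 80-bit tag -> 16 base32 characters


def _payload(username: str, expires: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    parts = [username.encode("utf-8"), expires.encode("ascii")]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def make_code(username: str, expires: str, key: bytes = EMBEDDED_KEY) -> str:
    """Return a 16-character code binding username and ISO expiry date."""
    mac = hmac.new(key, _payload(username, expires), hashlib.sha256).digest()
    return base64.b32encode(mac[:TAG_BYTES]).decode("ascii")


def verify_code(username, expires, code, today=None, key=EMBEDDED_KEY) -> bool:
    """Check the code against the licence data shown to the user in clear."""
    try:
        expiry = datetime.date.fromisoformat(expires)
        expected = make_code(username, expires, key)
    except ValueError:
        return False  # malformed date or non-ASCII expiry field
    # Tolerate copy/paste noise: whitespace, dashes, lowercase.
    supplied = "".join(code.split()).replace("-", "").upper()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return (today or datetime.date.today()) <= expiry


if __name__ == "__main__":
    code = make_code("alice@example.com", "2030-01-31")
    print(code, verify_code("alice@example.com", "2030-01-31", code))
```

The username and expiry date travel in clear next to the code; the code only authenticates them, so changing either field invalidates it.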