I have a requirement to sign a tiny amount of data (and store that signature in a similar tiny space) – standard PKCS signatures are way too big, I need something in the region of an 8 – 16 byte signature. Secondly I need it to be an asymmetric crypto, and thirdly, I need it to be relativly secure (not breakable in 5 minutes with todays computers).
I was hoping to:
- Produce a hash of the data using a CRC algorithm (either CRC32 or CRC64) which would produce me 4 or 8 bytes of hash data.
- Then encrypt that data with a private key, and append the results on the end.
Using RSA encryption however, RSA produces an output which is as long as the key minimum – so a 512 RSA key would produce 64 bytes of data. What other options are there?
EDIT: By asymetric crypto I mean I can’t have any shared-secret, i.e. there is a signing ‘server’ which is going to have one secret, and a distributed public application which needs to verify that the data has come from that origin so can’t contain the signing secret.
I don’t think your requirements are obtainable. The closest you can get is probably with Elliptic Curve’s but even then you would get an output of say 192 / 8 * 2 = 48 bytes minimum. With a 160 bit curve you could get that down to 40 bytes, but after that the security margin becomes too low. This answer previously mentioned point compression, but that can probably not be used.
You are much better off using a secure hash and then using only the first X bits, instead of using a non-secure hash such as CRC. With ECC 160 bits SHA-1 is the obvious choice, for such small parts of data SHA-1 will be strong enough. The idea of a secure hash is that nobody can create another message that maps to the same hash. This is not a property for functions such as CRC or Adler.