ryan April 24, 2015 10:21 PM

I purchased your book on Thursday at the RSA conference and was disappointed that you did not show up for your book signing that was scheduled for 12-12:30 at Moscone South.

Nick P April 24, 2015 11:20 PM

@ 06421

That’s a great idea. Bruce cryptographically signing his final PDF and that being printed next to his signature would be a nice gimmick for a famous cryptographer. I’d up it to him physically signing it with the digital signature of his book or his name but that’s a lot of writing even with ECC. We’ll keep it simple with your scheme.

Wael April 25, 2015 12:15 AM

@Nick P,

That’s a great idea. Bruce cryptographically signing his final PDF

Do you mean his latest PDF, or do you know something we don’t? I’m planning to get a copy too in the near future.

Nick P April 25, 2015 12:55 AM

@ Wael

Lol. The final PDF or whatever format he sent to the publisher for this book. Don’t be giving Fate ideas: it’s terrifyingly creative as it is.

Wael April 25, 2015 2:06 AM

@Nick P,

Don’t be giving Fate ideas

Yup, you’re right… Wasn’t my intention! I was actually serious (that’s why I didn’t put a smiley at the end of the question.) Had you written the “Final revision” of the PDF, we wouldn’t be having this discussion. I am now relieved 🙂

As for a “cryptographic” signature: How would you verify it, and what significance would it have besides it being “amusing”?

Anura April 26, 2015 2:24 PM


For verifying, if he signs a text-only version, you could just manually copy the text into your computer and verify it that way.

“Hmm… Verification failed, let me check… Aha! He had a typo on page 173 that I didn’t copy correctly. Now it passed signature verification!”

Wael April 26, 2015 5:50 PM


I know you wrote about pencil and paper ciphers a few times… This takes it to an extreme 😉 I’d rather have a slide-rule that verifies the signature for me, or perhaps use one of @Thoth’s abacuses after he dusts it off… lol 🙂

Anura April 28, 2015 1:37 PM

Okay, you asked for it, a pencil and paper hash function:

Get a code wheel, randomize the inner disk while leaving the outer in order, and initialize a 36 character hash state to 0,1,..,9,A,B,..,Z. Now, take the first and last characters of the state and align those characters on the inner and outer wheels, respectively. Now, take the first character from the message and find it on the outer disk, the new first character of the state is the corresponding character on the inner disk. Repeat using the FIRST character of the message for every character in the state, lining up the previous character of the state on the inner disk with the current character of the state on the outer disk. When all 36 characters of the state have been set, do the same for the next character in the message and then repeat until you have consumed the entire message. Then append an underscore followed by the base ten representation of the length of the message.

Once you are done, reduce the state to an 18 character hash using the following method: Line up the zero on the inner wheel with the first character of the state on the outer wheel, then find the nineteenth character on the outer wheel. The first character of the hash is the corresponding character on the inner wheel. Repeat with the second character and the twentieth character, the third and the twenty-first, all the way through the eighteenth and the thirty-sixth character.

Now, you can simply use a hash-based signature scheme to sign it.
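The pencil-and-paper hash described in the comment above, transcribed into Python as an added example (not part of the original comment and not the commenter's own code). Assumptions, since the description leaves them open: input is upper-cased and symbols not on the 36-character wheel are skipped, each replaced state character is the one lined up for the next step, the `_length` suffix is attached to the finished hash, and `SAMPLE_INNER`, `lookup` and `wheel_hash` are illustrative names with a constructed inner disk.

```python
import string

ALPHABET = string.digits + string.ascii_uppercase  # outer disk, kept in order
# Constructed sample inner disk (a fixed shuffle of the same 36 symbols).
SAMPLE_INNER = "Q7ZK2M0XB9TD4HWE1RJ6PYA8FLC3UN5GVSIO"

def lookup(inner, a, b, c):
    """Align `a` on the inner disk with `b` on the outer disk, then
    return the inner symbol sitting opposite `c` on the outer disk."""
    shift = inner.index(a) - ALPHABET.index(b)
    return inner[(ALPHABET.index(c) + shift) % len(ALPHABET)]

def wheel_hash(message, inner=SAMPLE_INNER):
    if sorted(inner) != sorted(ALPHABET):
        raise ValueError("inner disk must be a permutation of 0-9A-Z")
    # Assumption: fold to upper case and skip symbols that are not on the wheel.
    symbols = [ch for ch in message.upper() if ch in ALPHABET]
    state = list(ALPHABET)
    for ch in symbols:
        # First state character on the inner disk, last on the outer disk.
        state[0] = lookup(inner, state[0], state[-1], ch)
        # Then the previous (already replaced) character on the inner disk
        # against the current character on the outer disk.
        for i in range(1, len(state)):
            state[i] = lookup(inner, state[i - 1], state[i], ch)
    # Reduction: inner "0" against state[i], read off opposite state[i + 18].
    digest = "".join(lookup(inner, "0", state[i], state[i + 18])
                     for i in range(18))
    # Assumption: "_" is not on the wheel, so the length suffix is attached
    # to the finished hash instead of being absorbed.
    return f"{digest}_{len(symbols)}"

if __name__ == "__main__":
    # Constructed inputs that differ in their last character only.
    for text in ("SIGNED BOOK", "SIGNED BOOM"):
        print(text, "->", wheel_hash(text))
    # With the inner disk left in order the output is visibly regular.
    print("A (unshuffled disk) ->", wheel_hash("A", inner=ALPHABET))
```

With the inner disk left unshuffled, every lookup reduces to addition and subtraction modulo 36, which is why that last call returns a repeating two-character pattern.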

Seth Black April 20, 2021 10:05 PM

I have regifted my signed copy. Selling privacy concepts is more challenging than I would have thought.

More ad blocking for everyone.

Explain to the church that crypto signing the bible addresses their text tampering concerns.

How do you preach security (and privacy) while encouraging use of Fbook and twitter?


Sidebar photo of Bruce Schneier by Joe MacInnis.