Re: Are there any authentication algorithms with runtime changeable key length?
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 10/23/03
- Next message: Johan van der Galien: "How To Handle Huge Numbers In 2048 Bit RSA"
- Previous message: Foo Bar: "Re: Looking for Streaming Cipher alternative to Blowfish"
- In reply to: jos sulistyo: "Re: Are there any authentication algorithms with runtime changeable key length?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Oct 2003 19:00:48 GMT
josb4@hotmail.com (jos sulistyo) writes:
> Dear Ann / Lynn:
> Thanks a bunch for the response. At any case, I have several more
> questions. So, EC/DSA could use only substrings of the original
> keys? Are those substrings treated as separate keys (hence the
> algorithms actually support multiple keys), or are they truly
> single-key algorithms which could support the option of just using
> part of the key? Also, considering the risk of piecewise discovery,
> if we need multiple-length keys, is it better to use multiple keys
> (with varying length) somehow, instead of trying to find an
> algorithm which allows the use of only part of the key? Or, is it
> safer (more secure) to avoid the entire multiple key length idea
> altogether? Thanks again for all responses! Cheers, Jos
i didn't say that ec/dsa could use substrings ... i said that
fips186-2, x9.62 specify multiple key lengths. asymmetric key
algorithms tend to have very complex relationship between the values
of the two keys aka they aren't bit strings but two numbers that tend
to be very large.
What would sort of be implied is that two extremely large numbers can
be converted to bit-strings ... then abritrary subset of the
bitstrings can be taken and then converted back to two (smaller)
numerical values ... and that those two entirely new & arbritrary
numerical values would also have some complex relationship?
Lets say I have a 100 digit number (A) that has a simple mathematical
relationship to another number (B) ... lets say A is seven times B.
The question is can I taken an arbritrary subset of digits from A and
B ... where all subsets of A will always be seven times all subsets of
B (for all possible A & B subsets and all possible As that are seven
times some B)?
and what I was implying was that if you had need for different key
lengths ... then you needed different keys (and some implementations
require it in any case).
Lets say you have a ISO 14443 card with a chip that does EC/DSA
digital signature authentication in a transit application. ISO 14443
is a standard for proximity cards where the chip doesn't actually have
physical contacts for power but draws its power from RF energy in the
air when in the vacinity of a 14443 reader (power-source). A transit
application tends to have time constraints (i.e. avoid long lines at
turnstyles in metro stations). Longer keys tend to require larger
power-time profile than shorter keys (in contact configuration there
is some trade-off possible between power and time ... i.e. more power
to drive more circuits that would perform move complex operations
faster).
so there is a somewhat general principle about security proporitional
to risk ... a little topic drift:
http://www.garlic.com/~lynn/2001h.html#61
which could imply that stronger security because of higher risk might
require longer keys (and/or other measures).
-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
- Next message: Johan van der Galien: "How To Handle Huge Numbers In 2048 Bit RSA"
- Previous message: Foo Bar: "Re: Looking for Streaming Cipher alternative to Blowfish"
- In reply to: jos sulistyo: "Re: Are there any authentication algorithms with runtime changeable key length?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
