Rabin vs. RSA/ElGamal
- From: Ertugrul Soeylemez <never@xxxxxxxxxxxxxx>
- Date: Sun, 5 Mar 2006 15:53:17 +0100
Hello NG,
You know RSA and ElGamal and their shortcomings, e.g. their poor speed.
Now there is Rabin's pubkey encryption scheme, which is based on the
difficulty of finding square roots in a finite field with a composite
modulus. The public key is some blum integer n and the private key is
its factorization p*q. The ciphertext is the square of the plaintext.
The plaintext can be recovered by calculating the four square roots and
selecting the 'right' one.
The problem of deriving the plaintext from the ciphertext is provably
equivalent to the problem of determining n's factorization. There is a
chosen ciphertext attack, but you can easily overcome that risk.
Both the encryption and the decryption in Rabin's scheme are a lot
faster than in RSA and ElGamal. My question: How come that everyone
still uses ElGamal or RSA? You can turn Rabin's encryption method into
a signature scheme easily, so RSA/ElGamal don't actually provide any
more functionality.
Regards.
.
- Follow-Ups:
- Re: Rabin vs. RSA/ElGamal
- From: Ertugrul Soeylemez
- Re: Rabin vs. RSA/ElGamal
- From: tomstdenis
- Re: Rabin vs. RSA/ElGamal
- From: David Wagner
- Re: Rabin vs. RSA/ElGamal
- From: Ertugrul Soeylemez
- Re: Rabin vs. RSA/ElGamal
- From: Bryan Olson
- Re: Rabin vs. RSA/ElGamal
- From: tomstdenis
- Re: Rabin vs. RSA/ElGamal
- From: Bryan Olson
- Re: Rabin vs. RSA/ElGamal
- From: David Wagner
- Re: Rabin vs. RSA/ElGamal
- From: tomstdenis
- Re: Rabin vs. RSA/ElGamal
- Prev by Date: Re: A little bit out of topic but not that much...
- Next by Date: Re: Rabin vs. RSA/ElGamal
- Previous by thread: Re: Laszlo Kish - totally secure communication using classical physics?
- Next by thread: Re: Rabin vs. RSA/ElGamal
- Index(es):
Relevant Pages
|
