Re: Weak keys for ElGamal
- From: "Anton Berg" <antonberg1@xxxxxx>
- Date: 28 Oct 2006 03:54:36 -0700
Hi,
The very notion of "weak keys" makes no sense, given modern understandingSo from a security point of view it doesn't make a difference if I
of confidentiality. Security in crypto is inherently a probabilistic
notion: what are the chances that an adversary guesses the message?
(You can never make that probability exactly zero.)
So could a party by chance (or
intentionally) choose a weak secret key and thereby reduce the security
of the ElGamal scheme?
Those are two different questions.
If one of the parties is malicious, they can just reveal the message
or key, so it doesn't make sense to ask for El Gamal to be secure if
one of the parties is malicious.
As for choosing a weak key by chance, the best way to answer the question
is to unask the question and ask a different one, because weak keys are
not a very relevant concept.
choose the key randomly or always in a special intervall (but nobody
besides me knows this intervall).
.
- Follow-Ups:
- Re: Weak keys for ElGamal
- From: David Wagner
- Re: Weak keys for ElGamal
- From: Kristian Gjøsteen
- Re: Weak keys for ElGamal
- References:
- Weak keys for ElGamal
- From: Anton Berg
- Re: Weak keys for ElGamal
- From: David Wagner
- Weak keys for ElGamal
- Prev by Date: Re: Fingerprint as cryptokey
- Next by Date: Re: Weak keys for ElGamal
- Previous by thread: Re: Weak keys for ElGamal
- Next by thread: Re: Weak keys for ElGamal
- Index(es):
Relevant Pages
|
