Re: Weak keys for ElGamal
- From: "Anton Berg" <antonberg1@xxxxxx>
- Date: 28 Oct 2006 03:54:36 -0700
The very notion of "weak keys" makes no sense, given modern understanding
of confidentiality. Security in crypto is inherently a probabilistic
notion: what are the chances that an adversary guesses the message?
(You can never make that probability exactly zero.)
So could a party by chance (or
intentionally) choose a weak secret key and thereby reduce the security
of the ElGamal scheme?
Those are two different questions.
If one of the parties is malicious, they can just reveal the message
or key, so it doesn't make sense to ask for El Gamal to be secure if
one of the parties is malicious.
As for choosing a weak key by chance, the best way to answer the question
is to unask the question and ask a different one, because weak keys are
not a very relevant concept.
So from a security point of view it doesn't make a difference if I
choose the key randomly or always in a special interval (but nobody
besides me knows this interval).