Re: RSA question
- From: sluijten@xxxxxxxxx
- Date: Wed, 18 Feb 2009 23:24:19 -0800 (PST)
On 19 feb, 05:29, Bryan Olson <fakeaddr...@xxxxxxxxxxx> wrote:
Greg Rose wrote:
It is one of my pet peeves that people try to map
the digital signature operations of sign/verify
onto the privacy operations of decrypt/encrypt.
For most public key systems the operations are
Yeah. That's bad. Where do they get that? ...Doh! Wrong as it is, and
peeved as we may justifiably be, the mistake unfortunately traces back
to foundational research in the field.
Diffie and Hellman introduced the public-key concept in their 1976
paper, "New Directions in Cryptography". They described digital
signatures as a "one-way authentication" problem, along with multiple
partial solutions, and one, unrealized at the time, complete solution:
"A public key cryptosystem can be used to produce a true one-way
authentication system as follows. If user A wishes to send a message M
to user B, he “deciphers” it in his secret deciphering key and sends
DA(M). When user B receives it, he can read it, and be assured of its
authenticity by “enciphering” it with user A’s public enciphering key EA."
with RSA being sort-of the exception.
Absolutely. Unfortunately again, in the second-most-important paper on
the new cryptography, "A Method for Obtaining Digital Signatures and
Public-Key Cryptosystems" of 1978, Rivest, Shamir and Adleman wrote:
"To implement signatures the public-key cryptosystem must be implemented
with trap-door one-way permutations [...], since the decryption
algorithm will be applied to unenciphered messages."
I say "sort-of" because security
requires a lot more than just the modular
exponentiations, and as soon as you take these
other things (like padding, checking formats, etc)
into account, the privacy operations are again
quite different to the digital signature
A little knowledge is a dangerous thing. That's a wise old saying, and
crypto provides the best examples I've ever seen. I totally agree with
Greg Rose here -- I'm adding that D, H, R, S, and A blazed the trail,
and much as they deserve their acclaim, of course we've learned more in
the decades since their initial works.
If we had to pick a third most important paper on public-key
cryptography, I'd nominate Taher Elgamal's 1985 explanation of how
Diffie/Hellman key exchange obviously provides the utility of public-key
encryption, and, with great insight and cleverness, can yield digital
signatures, even though it does not mathematically conform to the
one-way-trap-door formalism that D&H described in 1976.
A little knowledge is a dangerous thing.
OK math guys, what's the overall conclusion, can I use RSA for this?
In other words: is there a major security issue when I use a private
key to encrypt and a public key for decryption?
So, I don't want the public to be able to encrypt, they should only be
able to decrypt,
without knowing or being able to break my private key...
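
An added example, not part of the original post or any poster's code: with a constructed toy key it shows that the bare exponentiations do invert each other (the 1976/1978 "decipher to sign" description), and why, as the quoted text says, security requires more than the modular exponentiations. The hash-then-reduce `digest` is a simplified stand-in for a real signature encoding such as RSA-PSS; the key and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key from two small Mersenne primes; real keys are 2048+ bits.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def raw_private(x):
    """Bare exponentiation with the private exponent ("decipher")."""
    return pow(x, D, N)

def raw_public(x):
    """Bare exponentiation with the public exponent ("encipher")."""
    return pow(x, E, N)

def raw_verify(m, s):
    """The 1976/1978 description taken literally: encipher s, compare with m."""
    return raw_public(s) == m % N

def product_of_raw_signatures(m1, m2):
    """Raw RSA is multiplicative, so two raw signatures combine into a valid
    raw signature on m1*m2, a value the key holder never processed."""
    return (m1 * m2) % N, (raw_private(m1) * raw_private(m2)) % N

def digest(msg):
    """Hash-then-reduce encoding: simplified stand-in for RSA-PSS (assumption)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg):
    return raw_private(digest(msg))

def verify(msg, s):
    return raw_public(s) == digest(msg)

if __name__ == "__main__":
    m3, s3 = product_of_raw_signatures(42, 55)
    print("raw pair verifies though never signed:", raw_verify(m3, s3))
    s = sign(b"release v1.2")
    print("encoded signature verifies:", verify(b"release v1.2", s))
    combined = (sign(b"a") * sign(b"b")) % N
    print("combined encoded signatures verify:", verify(b"ab", combined))
```

Anyone holding `(N, E)` can run `raw_public`, so output of `raw_private` is readable by every holder of the public key; what it offers is authenticity, and only once an encoding like `digest` is checked on verification.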