Anonymous (nobody@replay.com)
Tue, 14 Jul 1998 20:28:02 +0200
Mike Rosing scolded:
> Your lack of trust comes from lack of understanding. EC math has been
> around for 200 years, and EC crypto for 13. DH is only 25 years old,
> still quite a youngster. The fundamental problem which makes these
> systems secure is the inability to find a shortcut to solving the DLP.
Er, ECDLP != DLP. (that wasn't the whole reply :)
> EC crypto gives more security in fewer bits and because you can
> use simple XOR to do all the math it is easy to implement. That makes
> it quite useful for many applications.
This is mostly the same stuff Paul Lambert said, and I think I've made my
point clear -- 25>18, and however unimportant an advantage that may be,
the speed/size advantages ECDH-alone provides over DH-alone are even less
important in a PGP-like application. I think ECDH-alone certainly should
be used in other applications where its advantages make more of a
difference than the extra analysis DH has had (slower processors or less
bandwidth or messages are more time-dependent or whatever).
(Actually, I think a better option for a PGP-like application than either
DH-alone or ECDH-alone would be a compound cryptosystem including algos
based on many hard problems -- see my other post for more on that)
(Okay, _that's_ it)
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:22 ADT