Jim Gillogly (jim@acm.org)
Wed, 03 Feb 1999 17:39:16 -0800
Enzo Michelangeli writes:

> Well, the crypto-police could argue that this is equivalent to using k-bit
> conventional encryption (the k bits being a sort of "key"). Besides, are we
> sure that all-or-nothing transforms are unencumbered?

This idea, using (e.g.) 512-bit RSA to encrypt k bits of an
otherwise unencrypted A|N message, doesn't address the export issue
at all, since it doesn't interfere with the gov't reading the message.
They claim they can read 512-bit RSA if necessary, and if this is true
they can read the A|N message without trying to brute force the k bits.

The advantage of the construction Anonymous and I are suggesting is
that it can be faster than RSA without using a separate symmetric
encryption key. Note that the A|N package transform uses a symmetric
cipher, but in this case the key need not be secret, since without the
contribution of the RSA-encrypted package it can't be read anyway.

If Anonymous is an Irish schoolgirl we may have a winner here. :)

It's all pretty moot, though, since it reduces to much the same thing
as the current practice of RSA-encrypting a nonce for use with a
symmetric cipher: it eliminates the symmetric key setup cost and
reduces very slightly the total transmission size of the whole
thing, but to unwind the A|N package we pay about twice the
cost of some symmetric cipher (if I'm reading the paper right), so
overall we lose compared to the usual hybrid systems. That is, it's
faster than RSA alone, but slower than RSA+symmetric.

I don't know the intellectual property status of the A|N package
transform.

-- Jim Gillogly 14 Solmath S.R. 1999, 01:05 12.19.5.16.9, 3 Muluc 2 Pax, Fifth Lord of Night
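
An added illustration, not part of the original message: a sketch of the package transform discussed above, with HMAC-SHA256 standing in for the block cipher (an assumption; `PUBLIC_KEY`, `unpackage_without` and the other names are hypothetical). It shows that the outer key can be public, that unwinding costs two cipher-equivalent calls per block, and that a reader missing any one block (the part that would go under RSA) recovers none of the message.

```python
import hashlib
import hmac
import secrets

BLOCK = 32                      # bytes per block (HMAC-SHA256 output size)
PUBLIC_KEY = b"\x00" * BLOCK    # fixed, non-secret outer key (constructed value)
calls = {"prf": 0}              # counts cipher-equivalent operations

def prf(key, data):
    """Assumption: HMAC-SHA256 stands in for one block-cipher encryption."""
    calls["prf"] += 1
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr(i):
    return i.to_bytes(BLOCK, "big")

def mask_sum(body):
    """XOR of prf(PUBLIC_KEY, c_i xor i) over all body blocks."""
    acc = bytes(BLOCK)
    for i, c in enumerate(body, 1):
        acc = xor(acc, prf(PUBLIC_KEY, xor(c, ctr(i))))
    return acc

def package(blocks, inner_key=None):
    """Mask each block with a random inner key, then hide that key in a tail block."""
    inner_key = inner_key or secrets.token_bytes(BLOCK)
    body = [xor(m, prf(inner_key, ctr(i))) for i, m in enumerate(blocks, 1)]
    return body + [xor(inner_key, mask_sum(body))]

def unpackage(pkg):
    """Needs every block: the inner key depends on all of them."""
    body, tail = pkg[:-1], pkg[-1]
    inner_key = xor(tail, mask_sum(body))
    return [xor(c, prf(inner_key, ctr(i))) for i, c in enumerate(body, 1)]

def unpackage_without(pkg, j):
    """Reader lacks block j (the part that would be RSA-encrypted); guesses zeros."""
    guess = list(pkg)
    guess[j] = bytes(BLOCK)
    return unpackage(guess)

if __name__ == "__main__":
    msg = [bytes([n]) * BLOCK for n in (1, 2, 3, 4)]   # constructed sample blocks
    pkg = package(msg)
    calls["prf"] = 0
    assert unpackage(pkg) == msg
    print("prf calls to unwind", len(msg), "blocks:", calls["prf"])
    print("blocks recovered without block 0:",
          sum(a == b for a, b in zip(unpackage_without(pkg, 0), msg)))
```
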
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:25