[146651] in cryptography@c2.net mail archive


Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (Benjamin Kreuter)
Fri Sep 6 12:39:28 2013

X-Original-To: cryptography@metzdowd.com
Date: Fri, 6 Sep 2013 11:28:22 -0400
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <947665FD-180A-476E-92A1-D4869983DD95@gmail.com>
Cc: Jerry Leichter <leichter@lrw.com>,
	"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
	Jon Callas <jon@callas.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Fri, 6 Sep 2013 01:19:10 -0400
John Kelsey <crypto.jmk@gmail.com> wrote:

> I don't see what problem would actually be solved by dropping public
> key crypto in favor of symmetric only designs.  I mean, if the
> problem is that all public key systems are broken, then yeah, we will
> have to do something else.  But if the problem is bad key generation
> or bad implementations, those will be with us even after we abandon
> all the public key stuff.

Not necessarily.  A bad implementation of a block cipher will
probably be spotted quickly if you need it to interoperate with a good
implementation; a bad implementation of a public key cipher might
interoperate just fine with good implementations.  Public key systems
often have parameters or requirements that affect security without
affecting the correctness of encryption or decryption.  ElGamal
encryption might appear to work even though you are using a group where
the DDH assumption does not hold.  Elliptic curve systems have even more
parameters that need to be set correctly for security.

I am not saying that we should abandon public key cryptography, I am
just saying that there are a number of ways for public key systems to go
wrong that do not apply to symmetric ciphers.

Just my 2 cents,
Ben



-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx@virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
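
Added example, not part of Benjamin Kreuter's message: a toy ElGamal in Python showing the point about groups where DDH does not hold. With a generator of all of Z_P^* every round-trip test passes, yet public values reveal whether the plaintext is a quadratic residue; a parameter check plus encoding into the prime-order subgroup removes that. The prime, generators and function names are constructed for illustration.

```python
import secrets

P, Q = 2879, 1439   # constructed toy safe prime, P = 2*Q + 1 (far too small for real use)
G_FULL = 7          # generates all of Z_P^* (order 2Q): DDH does not hold here
G_SUB = 49          # 7^2, generates the order-Q subgroup of quadratic residues

def is_qr(a):
    """Euler's criterion: True when a is a quadratic residue mod P."""
    return pow(a, Q, P) == 1

def keygen(g):
    x = secrets.randbelow(P - 2) + 1
    return x, pow(g, x, P)

def encrypt(g, h, m):
    r = secrets.randbelow(P - 2) + 1
    return pow(g, r, P), m * pow(h, r, P) % P

def decrypt(x, c1, c2):
    return c2 * pow(c1, P - 1 - x, P) % P   # c1^(-x) via Fermat's little theorem

def encode(m):
    """Map m in [1, Q] into the subgroup: exactly one of m, P-m is a residue (P = 3 mod 4)."""
    return m if is_qr(m) else P - m

def decode(e):
    return e if e <= Q else P - e

def check_params(g):
    """The check an interoperability test never runs: g must have prime order Q."""
    return g % P not in (0, 1) and pow(g, Q, P) == 1

def observer_learns_qr(h, c1, c2):
    """From public values only, infer whether the plaintext is a quadratic residue."""
    mask_is_qr = is_qr(h) or is_qr(c1)   # the mask h^r is a residue iff h or c1 is
    return is_qr(c2) == mask_is_qr

if __name__ == "__main__":
    for g, enc, dec in ((G_FULL, lambda m: m, lambda e: e), (G_SUB, encode, decode)):
        x, h = keygen(g)
        leaks = set()
        for m in (2, 7):                 # 2 is a residue mod P, 7 is not
            c1, c2 = encrypt(g, h, enc(m))
            assert dec(decrypt(x, c1, c2)) == m      # "works" in both settings
            leaks.add(observer_learns_qr(h, c1, c2))
        print(f"g={g}: params ok={check_params(g)}, observer separates 2 from 7: {len(leaks) == 2}")
```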
