[14774] in cryptography@c2.net mail archive
Re: A-B-a-b encryption
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Nov 17 17:24:21 2003
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Perry E.Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Sun, 16 Nov 2003 14:15:24 EST."
<87wua015wz.fsf@snark.piermont.com>
Date: Mon, 17 Nov 2003 15:58:08 -0500
In message <87wua015wz.fsf@snark.piermont.com>, "Perry E.Metzger" writes:
>Hmm. You need a cipher such that given B(A(M)) and A you can get
>B(M). I know of only one with that property -- XOR style stream
>ciphers. Unfortunately that makes for a big flaw, so I'm not sure we
>should throw out our Diffie-Hellman implementations yet.
I believe that Pohlig-Hellman with the same modulus has this property,
too. But I don't recall seeing any analysis if Pohlig-Hellman modulus
reuse has the same failings as RSA with modulus reuse.
--Steve Bellovin, http://www.research.att.com/~smb
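Added illustration, not part of either message in this thread: a Python check that Pohlig-Hellman exponentiation under a shared prime modulus commutes, so holding only A's inverse exponent turns B(A(M)) into B(M), next to the XOR stream-cipher analogue Perry describes and the passive-observer leak that is its flaw. The toy modulus 2^127 - 1, the key-generation routine and the three-pass framing are this example's own assumptions.

```python
from math import gcd
from secrets import randbelow

# Demo modulus (assumption): the Mersenne prime 2^127 - 1. Far too small
# for real use; chosen so the arithmetic is quick and easy to inspect.
P = 2**127 - 1


def ph_keygen(p=P):
    """Pohlig-Hellman key: exponent e coprime to p-1, plus its inverse d."""
    while True:
        e = randbelow(p - 3) + 2          # 2 <= e <= p-2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)   # e*d = 1 (mod p-1), so (m^e)^d = m


def ph_encrypt(m, e, p=P):
    return pow(m, e, p)


def ph_decrypt(c, d, p=P):
    return pow(c, d, p)


def strip_inner_layer(ba_m, d_a, p=P):
    """Remove A's layer from B(A(M)) without knowing B's key.

    B(A(M)) = (M^a)^b = M^(ab).  Raising to d_a = a^-1 (mod p-1) gives
    M^(ab*d_a) = M^b = B(M), because exponentiation mod p commutes."""
    return pow(ba_m, d_a, p)


def ph_commutes(m, p=P):
    """Check B(A(M)) == A(B(M)), that stripping A yields exactly B(M),
    and that B can then decrypt normally.  Holds for 1 <= m < p."""
    a, d_a = ph_keygen(p)
    b, d_b = ph_keygen(p)
    ba_m = ph_encrypt(ph_encrypt(m, a, p), b, p)
    ab_m = ph_encrypt(ph_encrypt(m, b, p), a, p)
    b_m = ph_encrypt(m, b, p)
    return (ba_m == ab_m and strip_inner_layer(ba_m, d_a, p) == b_m
            and ph_decrypt(b_m, d_b, p) == m)


def xor_three_pass_leaks(m, key_a, key_b):
    """The XOR analogue has the same commutativity, but the three messages
    of an A-B-a-b exchange seen by a passive observer XOR to the plaintext."""
    c1 = m ^ key_a            # A(M)
    c2 = c1 ^ key_b           # B(A(M))
    c3 = c2 ^ key_a           # B(M), after A strips its own layer
    return c1 ^ c2 ^ c3 == m  # observer recovers M from the traffic alone
```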
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com