[618] in cryptography@c2.net mail archive
Re: RPK?
daemon@ATHENA.MIT.EDU (Colin Plumb)
Mon Apr 21 18:09:09 1997
Date: Mon, 21 Apr 97 13:05:58 MDT
From: colin@nyx.net (Colin Plumb)
To: gary@systemics.com
Cc: cryptography@c2.net
> I think it's quite a nice algorithm. Given that it is based on LFSRs,
> it is probably two orders of magnitude faster than RSA. This may well
> be the only practical solution for a high volume ecash mint.
It's no faster than RSA. Or, to be precise, than Diffie-Hellman,
which it is. It *is* Diffie-Hellman over GF(2^k) coupled with a conventional
cipher. It is no faster than any other implementation of such an idea.
The only difference is that they *call* it one algorithm, thus
claiming "pure public-key crypto at XX Mb/sec, whereas pure RSA does
(pitiful)." That's averaged over large messages, so the Diffie-Hellman
initialization costs are minimized.
As it's not a signature scheme, it can't be used for a mint.
I suppose you could do ElGamal with the keys, but then you have
to figure out ElGamal blinded signatures.
Um... not to put too fine a point on it, but this is nonsense.
--
-Colin
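
The construction described in the message above (a Diffie-Hellman exchange over GF(2^k) feeding a conventional cipher), as an added example that is not part of the original post and is not RPK's own code. The field GF(2^127) with x^127 + x + 1, the generator x, and the SHA-256 counter-mode keystream are assumptions chosen for illustration; the field is toy-sized and the output is unauthenticated.

```python
import hashlib
import secrets

K = 127
POLY = (1 << 127) | (1 << 1) | 1   # x^127 + x + 1 (assumed toy field, far too small for real use)
G = 2                              # the element x; the group order 2^127 - 1 is prime

def gf_mul(a, b):
    """Multiply two elements of GF(2^K): carry-less multiply, reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> K:                 # degree reached K: subtract (XOR) the modulus
            a ^= POLY
    return r

def gf_pow(base, exp):
    """Square-and-multiply exponentiation: the expensive public-key step."""
    result = 1
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def keygen():
    priv = secrets.randbelow((1 << K) - 3) + 2      # 2 .. 2^K - 2
    return priv, gf_pow(G, priv)

def keystream_xor(shared, data):
    """Stand-in for the conventional cipher: SHA-256 in counter mode, XORed in."""
    key = shared.to_bytes(16, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(recipient_pub, plaintext):
    # Two exponentiations per message, whatever its length; the bulk cost
    # is the symmetric keystream, which is why throughput looks high on long messages.
    eph_priv, eph_pub = keygen()
    shared = gf_pow(recipient_pub, eph_priv)
    return eph_pub, keystream_xor(shared, plaintext)

def decrypt(priv, eph_pub, ciphertext):
    return keystream_xor(gf_pow(eph_pub, priv), ciphertext)
```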