[619] in cryptography@c2.net mail archive
Re: RPK?
daemon@ATHENA.MIT.EDU (Gary Howland)
Mon Apr 21 18:35:44 1997
To: colin@nyx.net (Colin Plumb)
cc: gary@systemics.com, cryptography@c2.net
In-reply-to: Your message of "Mon, 21 Apr 1997 13:05:58 MDT."
<9704211905.AA21566@nyx.net>
Date: Mon, 21 Apr 1997 22:18:27 +0200
From: Gary Howland <gary@systemics.com>
> > I think it's quite a nice algorithm. Given that it is based on LFSRs,
> > it is probably two orders of magnitude faster than RSA. This may well
> > be the only practical solution for a high volume ecash mint.
>
> It's no faster than RSA. Or, to be precise, than Diffie-Hellman,
> which it is. It *is* Diffie-Hellman over GF(2^k) coupled with a conventional
> cipher. It is no faster than any other implmentation of such an idea.
I realise that this algorithm (or whatever you want to call it) is
Diffie-Hellman using LFSRs, but I do believe it is faster than RSA by
a couple of orders of magnitude - however I'll try to double check
that I'm not mistaken.
Your comment that "it is no faster than any other implementation of such
an idea" sort of implies that you are saying all Diffie-Hellman
algorithms are as fast as each other? If this is indeed what you are
implying, then how do you explain the performance gains of DH over
elliptic curves, or are you saying this isn't any improvement?
> The only difference is that they *call* it one algorithm, thus
> claiming "pure public-key crypto at XX Mb/sec, whereas pure RSA does
> (pitiful)" That's averaged over a large messages, so the Diffie-Hellman
> initialization costs are minimized.
It's been a while since I read the RPK documentation, but I recall
that it made no secret of the fact that this was Diffie Hellman. I
did not come away with the impression they were claiming their algorithm
was anything but Diffie-Hellamn.
> As it's not a signature scheme, it can't be used for a mint.
> I suppose you could do ElGamal with the keys, but then you have
> to figure out ElGamal blinded signatures.
>
> Um... not to put too fine a point on it, but this is nonsense.
Er, not to put an even finer point on it, that's total nonsense.
Diffie Hellman is quite capable of being used for Signatures,
including blinded signatures.
Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
