[86424] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Public key encrypt-then-sign or sign-then-encrypt?

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Apr 25 19:46:20 2007

Date: Wed, 25 Apr 2007 17:28:08 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Mads Rasmussen <mads@lsitec.org.br>
Cc: cryptography@metzdowd.com
In-Reply-To: <462F9CC6.8060904@lsitec.org.br>

On Wed, Apr 25, 2007 at 03:24:06PM -0300, Mads Rasmussen wrote:
> Jee Hea An, Yevgeniy Dodis and Tal Rabin claims that the order doesn't 
> matter [2]. Encrypt-then-sign or sign-then-encrypt is equally secure.
> Is this really true? My feeling was that the principle from Krawczyk's 
> paper should apply to the public key setting as well.

Instinctively sign-then-encrypt offers privacy protection: only the
intended receipient can verify the signature.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[86424] in cryptography@c2.net mail archive

Re: Public key encrypt-then-sign or sign-then-encrypt?

daemon@ATHENA.MIT.EDU (Nicolas Williams)Wed Apr 25 19:46:20 2007

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Apr 25 19:46:20 2007