At 10:40 PM 1/19/99 -0600, Black Unicorn wrote:
>> but this says: "if we want the key you have to give it to us ...
>Well, even worse.  It implies that you might be compelled to produce the
>PLAINTEXT, not just the key.  That could present problems for
>crypto-protection by multi-jurisdictional key-splitting applications.

That may or may not be worse - if you only have to provide
the plaintext, but not the key, then other documents encrypted
with the same key are not compromised.  On the other hand,
if you need to produce both the key and the plaintext, this is bad.

Either case is a clear call for using authenticated Diffie-Hellman
key exchange - a public key only used for signatures gives no
justification for delivering a private key, since that key can
only be used for future forgeries, not decrypting past communications.
And DH perfect forward secrecy means that compromising one key
only compromises one document, and if the system doesn't save
the keys, and you don't save the key-parts, you can't decrypt it,
(though you could look for whatever messages of that length
you received on the day the wiretap was made.)
        [... Hmmm... Perhaps I should be saying this quietly,
        and Not In French, so they don't ban DH?...]

What kind of key-splitting and encryption algorithms can be used
in a multi-jurisdictional environment when one part may be compromised?
For instance, can you use some Diffie-Hellman variant which
generates the starting point for searching for a prime for RSA,
or generates an ECC key?  I'd think if you're careful,
only the user could see enough to generate the key,
but two sharers could get together to do so.
For instance:
        User randomly generates x, y
        User sends E(x,pubkey(a)) to Alice and E(y,pubkey(b)) to Bob
        User takes g**xy mod m and starts searching for primes from there,
        to generate the real public key.
        France subpoenas Mme. Alice, getting a non-useful number, 
                but can't touch Sen~or Bob
        User gets hit by a truck.
        Alice sends Bob g**x mod m, Bob sends Alice g**y mod m,
                both calculate the public key to User's Swiss account.


                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
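The split-key sketch in the message above, as an added example that is not part of the original post: the user derives a prime-search starting point from g**xy mod m, and the two share holders later rebuild it by exchanging g**x and g**y. The modulus `M`, generator `G`, the fixed-base Miller-Rabin test and all function names are assumptions chosen for illustration (toy-sized group), and the encryption of each share to its holder's public key is left out.

```python
import secrets

# Assumed toy parameters (not from the message): M is the Mersenne prime
# 2**127 - 1 and G = 3. A real deployment would use a much larger group.
M = 2**127 - 1
G = 3

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases, so every party gets the same answer."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prime_from(start):
    """Search upward from the shared starting point for the first prime."""
    n = start | 1
    while not is_probable_prime(n):
        n += 2
    return n

def user_setup():
    """User picks x and y; x goes to Alice, y to Bob, g**xy seeds the search."""
    x = secrets.randbelow(M - 3) + 2
    y = secrets.randbelow(M - 3) + 2
    return x, y, prime_from(pow(G, x * y, M))

def public_part(share):
    """What a share holder sends the other holder at recovery time."""
    return pow(G, share, M)

def recover(own_share, peer_public):
    """Combine own share with the peer's g**share to rebuild the prime."""
    return prime_from(pow(peer_public, own_share, M))
```

A holder of x alone has only g**x; without y or g**y from the other holder, the starting point g**xy is not computable from that share.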
