On Fri, 6 Sep 2013 01:19:10 -0400 John Kelsey <crypto....@gmail.com> wrote:
> I don't see what problem would actually be solved by dropping public > key crypto in favor of symmetric only designs. I mean, if the > problem is that all public key systems are broken, then yeah, we will > have to do something else. But if the problem is bad key generation > or bad implementations, those will be with us even after we abandon > all the public key stuff. Not necessarily. A bad implementation of a block cipher will be probably spotted quickly if you need it to interoperate with a good implementation; a bad implementation of a public key cipher might interoperate just fine with good implementations. Public key systems often have parameters or requirements that affect security without affecting the correctness of encryption or decryption. ElGamal encryption might appear to work even though you are using a group where the DDH assumption does not hold. Elliptic curve systems have even more parameters that need to be set correctly for security. I am not saying that we should abandon public key cryptography, I am just saying that there a number of ways for public key systems to go wrong that do not apply to symmetric ciphers. Just my 2 cents, Ben -- Benjamin R Kreuter UVA Computer Science brk...@virginia.edu KK4FJZ -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
signature.asc
Description: PGP signature
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography