At 01:19 PM 8/12/99 +0100, Dr Stephen Henson wrote:
>The Digital Signature Algorithm, also called the Digital Signature
>Standard (DSS), is a public key algorithm that can be used only for
>signing. Unlike RSA it doesn't have patent problems (I believe it does
>have a patent but anyone can use it).

Inventor was David Kravitz (then at NSA); patent was issued to the 
U.S. Government; licenses are free -- just use it!

>It is described in the FIPS186 or FIPS186a document, if you do a search
>for that you should find it.

Current document is: http://csrc.nist.gov/fips/fips1861.pdf

>It is a bit more awkward to use than RSA. Like many things, if it wasn't
>for the RSA patent hardly anyone would use it.

I have to publicly disagree with this assessment.  Several facts make 
DSA (and other discrete log systems) preferred in certain environments: 
key generation is trivial, signing is faster (though validation is slower) 
than RSA -- for smartcard apps these can be critical.  It has also been
estimated that there is roughly a 40-bit security advantage for discrete 
log algorithms over factoring-based algorithms.  

BTW, while DSA *is* only a signing standard, DSA *keys* are compatible 
with the new ANSI standard for Diffie-Hellman key agreement, and the 
same keys can be used for ElGamal-type encryption.  The Federal KEA
used in DoD's Defence Messaging System (FORTEZZA-based) uses the same 
type of keys.  Is there anything you can do with RSA keys that can't be 
done with DSA keys?  Don't think so.

In bandwidth- or memory-constrained systems that can't go to elliptic 
curves, DSA/D-H/ElGamal/KEA is a very good alternative to RSA.
The only disadvantage at the moment is that commercial (i.e., non-DoD)
DSA-based CAs are not widely deployed... yet.  You will be seeing
more support in the future however... despite the fact that the
RSA patent is expiring next year.

Of course, EC-based systems (e.g., ECDSA) are even more efficient
and secure, but I don't want to get into that debate.  <g>

-mjm


==========
Michael J. Markowitz, Ph.D.        Email: [EMAIL PROTECTED]
Vice President R&D                 Voice: 847-405-0500
Information Security Corporation          708-445-1704
1011 Lake Street, Suite 212        Fax:   847-405-0506
Oak Park, IL  60301                WWW:   http://www.infoseccorp.com   
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
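
The key-compatibility point in the message above (one discrete-log key pair used for DSA signing, Diffie-Hellman agreement and ElGamal-type encryption), as an added example that is not part of the original message or of OpenSSL. Assumptions: the domain parameters are constructed here and are far too small for real use, all function names are hypothetical, SHA-1 output is reduced mod q, and the ElGamal shown is the textbook form over an integer message.

```python
import hashlib, itertools, secrets

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; for odd n > 37 (enough for this demo)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)   # composite if a^d is not +-1 and no later square hits -1
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False
    return True

# Constructed demo domain parameters (p, q, g); not sized for real use.
Q = 2**127 - 1                                   # prime subgroup order
K = next(k for k in itertools.count(2**384) if is_prime(2 * k * Q + 1))
P = 2 * K * Q + 1                                # prime with Q dividing P - 1
G = pow(2, (P - 1) // Q, P)                      # generator of the order-Q subgroup

def keygen():
    x = secrets.randbelow(Q - 1) + 1             # private key: random 0 < x < Q
    return x, pow(G, x, P)                       # public key y = g^x mod p

def H(m):
    return int.from_bytes(hashlib.sha1(m).digest(), "big") % Q

def dsa_sign(x, m):
    k = secrets.randbelow(Q - 1) + 1             # fresh per-signature secret
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (H(m) + x * r) % Q
    return (r, s) if r and s else dsa_sign(x, m)

def dsa_verify(y, m, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(m) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def dh_shared(x, peer_y):
    if not 1 < peer_y < P or pow(peer_y, Q, P) != 1:
        raise ValueError("peer key is not in the order-Q subgroup")
    return pow(peer_y, x, P)                     # same x that signs, as a D-H exponent

def elgamal_encrypt(y, m):                       # m: integer with 0 < m < P
    k, c1 = keygen()                             # ephemeral pair over the same (p, q, g)
    return c1, m * dh_shared(k, y) % P

def elgamal_decrypt(x, ct):
    return ct[1] * pow(dh_shared(x, ct[0]), -1, P) % P
```
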
