ietf-openpgp
[Top] [All Lists]

Re: Improving resistance against attacks

1997-12-18 09:04:16
Nice thinking, Patrick, but why go to all that trouble when there is a key
generator that continually generates unpredictable keys of any size as often
as you want  and synchronizes them across a link without transmitting any
info about them.  It's called the ASK ToolKit(tm).  See www.keygen.com

Regards,

Myron Lewis,
President,
KeyGen Corporation.
781-860-0108
-----Original Message-----
From: Robert Hettinga <rah(_at_)shipwright(_dot_)com>
To: espam(_at_)intertrader(_dot_)com <espam(_at_)intertrader(_dot_)com>
Date: Wednesday, December 17, 1997 9:14 AM
Subject: Improving resistance against attacks


---------------------------------------------------------------------
This mail is brought to you by the e$pam mailing list
---------------------------------------------------------------------

From: Patrick Feisthammel <pafei(_at_)rubin(_dot_)ch>
Reply-To: Patrick Feisthammel <pafei(_at_)rubin(_dot_)ch>
To: ietf-open-pgp(_at_)imc(_dot_)org
cc: Patrick Feisthammel <pafei(_at_)rubin(_dot_)ch>
Subject: Improving resistance against attacks
MIME-Version: 1.0
Sender: owner-ietf-open-pgp(_at_)imc(_dot_)org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

Hi!

After the thread about weak RSA keys in sci.crypt, I tought about
improving the security against attacks on the public keys.

My propoal in short: Use multiple keys at the same time.


Why using multiple keys at the same time
========================================
If a key is generated, there is a probability p, that there is a 'fast'
algorithm to factorize this key. For two keys, the probability, that
both are 'easy' to break is p^2. And therefore much smaler.


How it works
============
To encrypt some data d with two keys K1 and K2:
  1. Create a one time pad o (random data) of the same length as d.
  2. Encrypt the data d with o: c1= E(d, o)
  3. Encrypt the result from step 2 with the key K1: c2= E(c1, K1)
  4. Encrypt the one time pad with key K2: c3= E(o, K2)
  5. The encrypted data is the concatenation of c2 and c3.

To decrypt:
  1. Decrypt c3 with K2: o= D(c3, K2)
  2. Decrypt c2 with K1: c1= D(c2, K1)
  3. Decrypt the data: d= D(c1, o)

If key K1 is broken, only c2 can be decrypted. Because without the one
time pad o, the knowledge about the data is still zerol
If key K2 is broken, the one time pad is known, but this also does not
give any information about the data d.

Some thougths have to be done for multiple recipients, that two broken
keys of different recipients don't reveal the cleartext.


Communication with PGP 2.6.x and PGP 5.x
========================================
The usage of two keys can easaly be added to the today version with
one key:
  - Add the information about the key id of the second key in the
    public key, as non critical information.
  - pgp-2keys checks if the receipient has a one-key public key. If he
    has, the old encryption/signing is used. If not, the new system is
    used.
Users of pgp-1key will always encrypt/sign with only one key, which is the
today used scheme. pgp-2key users can communicate with the schema
proposed in this mail.
This way it is fully compatible with todys versions. (Or at least as
compatible as today versions)


2 keys or m keys
================
Of course, this system can easaly be extended to the more general case
of m keys. The keys could even be from other key algorithms.


What do you think? Would this be a suitable way to reduce the risk
given by the usage of one signle key?
Could this be an idea for later versions of OpenPGP?


Cheers, Patrick






- --
 PGP-KeyID: DD934139 (pafei(_at_)rubin(_dot_)ch)    encrypt mail with PGP if 
possible
 more about PGP on http://www.rubin.ch/pgp/ (in german only at the moment)






-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQESAwUBNJeAe5VgYabdk0E5AQFLvgfkCKj+9dmpQMAYBxyKRKUnNpMIVvbIqOIB
Cn/ja5vUy+Z9NPX8dBKkiqlTS2vbJV88awtnjGE761M0983kLiX8gzdzMUQoC8bM
CJobaGHK9J1UjOzzJdCtxGbBYkqjVAU8UQec8d1d787u1MRcpjZg/AwOvcGLFLYs
wXhWA89/wur9487Jc/wxx2gtf+rphgdQcLrSTxmx25LISwJG4jLPvINbWbk+YC7W
jqB2vwHx0ZmEyyPOHsMpIqQ+Y9s1B2Mm9ckft9jcRbmG/w0MJezr58A8SWnbJHxl
A3yAXCYivlwinfk6LyNBulh5YiV7N/rVPtj+mwRNgp5FsgPrZg==
=8pFP
-----END PGP SIGNATURE-----


----------------------------------------------------------------------
Where people, networks and money come together:        Consult Hyperion
http://www.hyperion.co.uk/                          
info(_at_)hyperion(_dot_)co(_dot_)uk
----------------------------------------------------------------------
Full-Strength Cryptographic Solutions for Worldwide Electronic Commerce
http://www.c2.net/                                    
stronghold(_at_)c2(_dot_)net
----------------------------------------------------------------------
Like e$? Help pay for it!
For e$/e$pam contributions or sponsorship:  
<mailto:rah(_at_)shipwright(_dot_)com>
----------------------------------------------------------------------


<Prev in Thread] Current Thread [Next in Thread>