[Top] [All Lists]

Re: Diffie-Hellman vs. ElGamal

1998-04-06 19:31:26
Tim Dierks wrote:

What are the differences?

        - The only substantial difference is that in ElGamal, the sender uses 
                temporary key, while in my description of Diffie-Hellman, 
that key
                must be authenticated.
        - In Diffie-Hellman, the sender and all recipients must have keys in 
                same group in order to communicate. In ElGamal, the keys can 
be in
                any group and the sender need not have a certificate.
        - In Diffie-Hellman, the identity of the sender must be known and 
                in order to correctly unwrap the key K. Let us assume that K 
can be
                validated as correct. However, this does not mean that the 
                encrypted with K, is intact; it could be modified in any 
number of
                ways. Thus, this cannot serve in place of a signature.
          Because the sending key is temporary in ElGamal, it neither gives 
                benefit nor suffers from this restriction.

I queried the DH mechanism before. The two keys need not belong to the
same group if a temporary DH key is generated in each recipients group
and the public key stored somewhere (in RecipientInfo presumably). The
recipients DH key would be authenticated (e.g. part of a certificate).

If the sending agent wanted to read the encrypted message the it would
also generate a temporary DH key in its own group and put the info into
another RecipientInfo structure.

I'm not sure if it has been decided to do this but IMHO the alternative
of forcing all parties to use static keys in the same group with static
wrapping keys and implied signatures is too restrictive. As you pointed

* Dr Stephen N. Henson.                                    *
* Freelance Cryptographic Consultant.                      *
* Email: shenson(_at_)bigfoot(_dot_)com                               *
* PGP key:  * 

<Prev in Thread] Current Thread [Next in Thread>