pem-dev

Re: RFC1423 asymmetric algorithms & LUC

1994-09-20 10:16:00
Just to clarify (and not to start algorithm wars):

LUC's claimed advantage over "raw" RSA is that encryption and 
multiplication do not commute. In "raw" RSA, they do. Let RSA(m) be 
the encryption of a message m with "raw" RSA, i.e., RSA(m) = m^e mod 
n. Then

  E(m1 * m2) = E(m1) * E(m2)

This is quite a useful property for constructing blind signatures in 
digital cash systems. It also opens the door to chosen ciphertext 
attacks. If I want to get the decryption of some ciphertext c, I can 
ask you to decrypt c1 and c2 where c = c1 * c2; the resulting m1 and 
m2, multiplied together, will give the decryption of c.

Similarly, if I want the signature of some message m, I can ask you to 
sign some m1 and m2 where m = m1 * m2, then multiply the signatures. 
Or, if I already have the signatures of m1 and m2, then I can compute 
the signatures of any product of powers of m1 and m2.

In LUC, the only time this property holds is when m1 = m2, so I can 
get signatures of a power of some message, but not as rich a set as 
in RSA.

Now, for the clarification:

PEM and other standard applications of RSA do *not* have this 
multiplicative property, because a message is "padded" with a certain 
prefix before it is encrypted or signed. The padding is intended 
specifically to address concerns such as this. (See PKCS #1 for 
details.) In PEM the message is also hashed before it is signed. "Raw" 
mathematical relationships do not apply, since the chance that the 
product has the right form is so small.

-- Burt Kaliski
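
An added illustration of the reply above, not part of the original message: "raw" RSA signatures multiply, while signatures over PKCS #1 block type 01 style padding do not yield a validly formed block when multiplied. The toy key, the function names and the sample inputs are assumptions constructed for this example; the hashing step and DigestInfo encoding are omitted.

```python
# Added illustration, not from the thread. Toy key from two Mersenne primes:
# constructed for the demo, far too small and too structured for real use.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes

def raw_sign(m: int) -> int:
    """'Raw' RSA private-key operation m^d mod n, no padding."""
    return pow(m, D, N)

def raw_verify(sig: int) -> int:
    """Public-key operation: recovers whatever integer was signed."""
    return pow(sig, E, N)

def pad_type1(data: bytes) -> int:
    """Block type 01 layout: 00 01 FF..FF 00 || data (at least 8 FF bytes)."""
    ps_len = K - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for this modulus")
    return int.from_bytes(b"\x00\x01" + b"\xff" * ps_len + b"\x00" + data, "big")

def unpad_type1(block: int):
    """Return the data if the block has the exact type 01 form, else None."""
    eb = block.to_bytes(K, "big")
    sep = eb.find(b"\x00", 2)
    if eb[:2] != b"\x00\x01" or sep < 10 or eb[2:sep] != b"\xff" * (sep - 2):
        return None
    return eb[sep + 1:]

def padded_sign(data: bytes) -> int:
    return raw_sign(pad_type1(data))

def padded_verify(sig: int):
    return unpad_type1(raw_verify(sig))

def product_of_raw(m1: int, m2: int) -> int:
    """Multiply two raw signatures; verifies as a signature on m1*m2 mod n."""
    return raw_sign(m1) * raw_sign(m2) % N

def product_of_padded(d1: bytes, d2: bytes) -> int:
    """Multiply two padded signatures; the result opens to a malformed block."""
    return padded_sign(d1) * padded_sign(d2) % N

if __name__ == "__main__":
    print(raw_verify(product_of_raw(1234, 5678)) == 1234 * 5678 % N)
    print(padded_verify(padded_sign(b"pem-dev")))
    print(padded_verify(product_of_padded(b"m1", b"m2")))
```

The arithmetic identity still holds for the padded case (the product opens to the product of the two padded blocks mod n), but that value does not begin with 00 01 FF..FF 00, so a verifier that checks the block format rejects it.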


______________________________ Reply Separator _________________________________
Subject: RFC1423 asymmetric algorithms & LUC
Author:  "David M. Balenson" <balenson(_at_)tis(_dot_)com> at INTERNET
Date:    09/19/94 12:55 PM


Message was resent -- Original recipients were: 
To: balenson(_at_)tis(_dot_)com
------------------------------------------------------------------------------- 
I would like to propose the addition of LUC to the PEM
Asymmetric Algorithms as in RFC1423
Note that LUC is now on the ISO algorithm list

LUC is now ISO standard  ISO 9979-0003 (July 1994)


                     LUC Digital Signature

LUC is a new Public Key Cryptography system. Used as a Digital Signature it 
is a secure alternative to the RSA system.

Cryptographic advantage:

LUC has a cryptographic advantage over RSA when used as a Digital Signature

