1. Do you want the key selector because it hides the public key so
that people cannot factor the modulus?
2. If yes, would simply using a digest of the public key suffice (as
Burt Kaliski of RSADSI proposes, see included message below)?
Yes & Yes. I believe that security increases by hidding the public key.
In response to Amanda Walker who wrote:
If you want to access my private mail, which is sent to me with
a public-key cryptography scheme, you will have to find out my
pair-key.
Which of this options would you prefer:
1. Having my mail & my public key.
2. Having my mail.
The two are essentially equivalent in computational cost. That's part of the
point of public key cryptography.
I would like to quote *ARTO SALOMAA*:
Book: "Public Key Cryptography"
From: EATCS Monographs on Theoretical Computer Science - Vol. 2
Edition by: Springer-Verlag
Page 7:
".... We now discuss in more detail the possible initial setups for the
crytanalyst. ...
setup (i): Cryptotext Only. Here the cryptanalysis has to be
based on only cryptotext. ... .Efficient cryptanalytic methods can be
based on statistical information concerning the plaintext language, for
instance, information about the frequency of individual letters in english.
setup(ii): Known Plaintext. Here the cryptanalyst knows in
advance some pairs of (plain text, Encryted(plain text)). The knowladge
of such pairs may aid the analysis of the given cryptotext "Ct". ...
setup (iii): Chosen Plaintext. Here the cryptanalyst also knows
in advance some pairs of (pt=plain text, Ek(pt)=Encryted(plain text)).
However, "pt" has now been chosen by the cryptanalyst. ...
Before discussing setup (iv), we give an example of a cryptosystem
where the initial setu(iii) often gives much better possibilities for
the cryptanalyst then setup(ii).
...."
As you can see, if we have only the encryted mail (Ek(pt)) we are
restricted to setup(i). (let me point that Ek means, in our case,
encryptation with a public key). With lots of luck, we can belong to setup(ii).
But not all messages are "text", some may be compressed, etc.
If we have access to the public key, we then have conditions to belong
to setup(iii).
SALOMA continues at page 10:
" setup(iv): Encryption Key. The crytanalyst knows the encryption
method Ek, and tries to find out the corresponding decryption method Dk
before actually receiving any samples of crytotext.
....
Thus, the cryptnalyst usually has plent of time for pre-processing,
where he/she is in a hurry when a message arrives. Anithing
accomplished in the period when "time is cheap" is specially valuable."
But, then again, this is strickly security.
Happy New Year!!!!
Vitor Fernandes