On Fri, 6 Sep 2013 01:19:10 -0400
John Kelsey <crypto....@gmail.com> wrote:

> I don't see what problem would actually be solved by dropping public
> key crypto in favor of symmetric only designs.  I mean, if the
> problem is that all public key systems are broken, then yeah, we will
> have to do something else.  But if the problem is bad key generation
> or bad implementations, those will be with us even after we abandon
> all the public key stuff.

Not necessarily.  A bad implementation of a block cipher will be
probably spotted quickly if you need it to interoperate with a good
implementation; a bad implementation of a public key cipher might
interoperate just fine with good implementations.  Public key systems
often have parameters or requirements that affect security without
affecting the correctness of encryption or decryption.  ElGamal
encryption might appear to work even though you are using a group where
the DDH assumption does not hold.  Elliptic curve systems have even more
parameters that need to be set correctly for security.

I am not saying that we should abandon public key cryptography, I am
just saying that there a number of ways for public key systems to go
wrong that do not apply to symmetric ciphers.

Just my 2 cents,

Benjamin R Kreuter
UVA Computer Science


"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell

Attachment: signature.asc
Description: PGP signature

The cryptography mailing list

Reply via email to