On Sun, Sep 8, 2013 at 9:42 AM, Phillip Hallam-Baker <hal...@gmail.com> wrote: > Two caveats on the commentary about a symmetric key algorithm with a > trapdoor being a public key algorithm. > > 1) The trapdoor need not be a good public key algorithm, it can be flawed in > ways that would make it unsuited for use as a public key algorithm. For > instance being able to compute the private key from the public or deduce the > private key from multiple messages. > Then it's not a symmetric key algorithm with a trapdoor, it's just a broken algorithm.

> 2) The trapdoor need not be a perfect decrypt. A trapdoor that reduced the > search space for brute force search from 128 bits to 64 or only worked on > some messages would be enough leverage for intercept purposes but make it > useless as a public key system. > I suppose the idea is that by using the same trapdoor algorithm or algorithm family and doubling the key size (e.g. 3DES style), you get a 256-bit symmetric key system that can be broken in 2^128 attempts by someone with the system's private key but 2^256 by someone without. If in your message you then communicate 128 bits of information about your symmetric key, the guy with the private key can easily crack your symmetric key, whereas others just can't. Therefore that's a great public key cryptography system. —♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org Theists think all gods but theirs are false. Atheists simply don't make an exception for the last one. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography