On 8/09/13 16:42 PM, Phillip Hallam-Baker wrote:

Two caveats on the commentary about a symmetric key algorithm with a trapdoor being a public key algorithm.1) The trapdoor need not be a good public key algorithm, it can be flawed in ways that would make it unsuited for use as a public key algorithm. For instance being able to compute the private key from the public or deduce the private key from multiple messages. 2) The trapdoor need not be a perfect decrypt. A trapdoor that reduced the search space for brute force search from 128 bits to 64 or only worked on some messages would be enough leverage for intercept purposes but make it useless as a public key system.

`Thanks. This far better explains the conundrum. There is a big`

`difference between a conceptual public key algorithm, and one that is`

`actually good enough to compete with the ones we typically use.`

iang _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography