Re: [Cryptography] Elliptic curve question
2013/10/10 Phillip Hallam-Baker

> The original author was proposing to use the same key for encryption and
> signature which is a rather bad idea.

Explain why, please. It might expand the attack surface, that's true. You could always add a signed message that says "I used a key named 'Z' for encryption here". Would that solve the problem?

___
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Elliptic curve question
On Tue, Oct 8, 2013 at 4:14 PM, James A. Donald wrote:

> On 2013-10-08 03:14, Phillip Hallam-Baker wrote:
>
> > Are you planning to publish your signing key or your decryption key?
> > Use of a key for one makes the other incompatible.
>
> Incorrect. One's public key is always an elliptic point, one's private
> key is always a number.
>
> Thus there is no reason in principle why one cannot use the same key (a
> number) for signing the messages you send, and decrypting the messages you
> receive.

The original author was proposing to use the same key for encryption and signature which is a rather bad idea.

--
Website: http://hallambaker.com/
Re: [Cryptography] Elliptic curve question
On 2013-10-08 03:14, Phillip Hallam-Baker wrote:

> Are you planning to publish your signing key or your decryption key?
> Use of a key for one makes the other incompatible.

Incorrect. One's public key is always an elliptic point, one's private key is always a number.

Thus there is no reason in principle why one cannot use the same key (a number) for signing the messages you send, and decrypting the messages you receive.
Re: [Cryptography] Elliptic curve question
On Mon, 7 Oct 2013 10:54:50 +0200 Lay András wrote:

> I made a simple elliptic curve utility in command line PHP:
>
> https://github.com/LaySoft/ecc_phgp
>
> I know in the RSA, the sign is inverse operation of encrypt, so two
> different keypairs needs for encrypt and sign. In elliptic curve
> cryptography, the sign is not the inverse operation of encrypt, so my
> application use same keypair for encrypt and sign.
>
> Is this correct?

The very general answer: If it's not a big problem, it's always better to separate encryption and signing keys - because you never know if there are yet unknown interactions if you use the same key material in different use cases.

You can even say this more general: It's always better to use one key for one usage case. It doesn't hurt and it may prevent security issues.

--
Hanno Böck
http://hboeck.de/
mail/jabber: [email protected]
GPG: BBB51E42
Re: [Cryptography] Elliptic curve question
On 07.10.2013 10:54, Lay András wrote:

> I made a simple elliptic curve utility in command line PHP:
>
> https://github.com/LaySoft/ecc_phgp
>
> I know in the RSA, the sign is inverse operation of encrypt, so two
> different keypairs needs for encrypt and sign. In elliptic curve
> cryptography, the sign is not the inverse operation of encrypt, so my
> application use same keypair for encrypt and sign.
>
> Is this correct?

Without looking at your specific implementation, I had a similar question but regarding to ECIES combined with ECDSA. See http://lists.randombit.net/pipermail/cryptography/2013-September/005353.html for the answers.

Regards
Dominik
Re: [Cryptography] Elliptic curve question
On Mon, Oct 7, 2013 at 4:54 AM, Lay András wrote:

> Hi!
>
> I made a simple elliptic curve utility in command line PHP:
>
> https://github.com/LaySoft/ecc_phgp
>
> I know in the RSA, the sign is inverse operation of encrypt, so two
> different keypairs needs for encrypt and sign. In elliptic curve
> cryptography, the sign is not the inverse operation of encrypt, so my
> application use same keypair for encrypt and sign.
>
> Is this correct?

Are you planning to publish your signing key or your decryption key? Use of a key for one makes the other incompatible.

--
Website: http://hallambaker.com/
