[Cryptography] Mixing public key crypto systems?

Henry Baker hbaker1 at pipeline.com
Mon Mar 28 15:50:55 EDT 2016


At 02:55 AM 3/28/2016, Jeff Burdges wrote:
>On Sun, 2016-03-27 at 17:25 -0700, Henry Baker wrote:
>> Inspired by the 'monoculture' thread, I'm curious as to whether it is possible to mix different public key crypto systems.
>> 
>> For example, Alice might use some version of RSA, while Bob might use some version of El Gamal.
>> 
>> Alice posts her public key in her chosen PK system; Bob posts his public key in his chosen PK system.  Each has to use the type of encryption chosen by the addressee of the message.
>> 
>> Does everything still work?
>
>No.  
>
>First, Alice wants her security properties for the messages she sends,
>not just the message she receives.  
>
>Second, we must assume that Bob's messages to Alice leak information
>about Alice's messages to Bob, so using both PK systems like this gives
>you the weaker security of the two.

Yes, I agree that the strength of the overall communication is
limited by the weaker of the two protocols.

Nevertheless, you can't force someone to produce a public key
in N different public key crypto systems.  They're going to
publish 1,2,3, maybe, but not 10.

So you're limited to the types of PK systems that they choose
for your initial communication with them, and you're also
limited to the identity you can establish with them based on
their public keys.

This is essentially analogous to me talking HTTPS to a number
of different web sites; I'm restricted to the minimum of what
they support and what my browser supports.  Unfortunately, I
have to trust Google, Mozilla & Microsoft to make sure that
my trust chain is secure (and I'm not happy about that!).

Once you've established communications with someone and wish
to communicate more privately and/or more efficiently, you
can then each produce new public keys -- either for just
this correspondent, or completely public -- for all future
correspondents.

The current email system is effectively plaintext only, so
the ability to quickly bootstrap into using whatever public
key systems that various individuals are already using will
certainly be better than the current situation, and provide
a way to evolve into better & better public key systems.
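
The arrangement asked about in the quoted question (Alice publishes an RSA key, Bob publishes an ElGamal key, each sender uses the addressee's system), as an added example that is not part of the original post. The key dictionaries, function names and tiny parameters are assumptions constructed for illustration; textbook RSA and ElGamal without padding are not secure.

```python
# Added illustration: textbook RSA and ElGamal over tiny constructed parameters.
# Unpadded and trivially breakable; it shows the key-type dispatch only.
import secrets

def rsa_keygen(p=61, q=53, e=17):          # constructed toy primes
    n, phi = p * q, (p - 1) * (q - 1)
    return ({"type": "rsa", "n": n, "e": e},
            {"type": "rsa", "n": n, "d": pow(e, -1, phi)})

def elgamal_keygen(p=2579, g=2):           # constructed toy group
    x = secrets.randbelow(p - 2) + 1       # private exponent in [1, p-2]
    return ({"type": "elgamal", "p": p, "g": g, "h": pow(g, x, p)},
            {"type": "elgamal", "p": p, "x": x})

def encrypt(pub, m):
    """Encrypt integer m under whatever system the addressee published."""
    if pub["type"] == "rsa":
        if not 0 <= m < pub["n"]:
            raise ValueError("message out of range for this RSA modulus")
        return pow(m, pub["e"], pub["n"])
    if pub["type"] == "elgamal":
        p = pub["p"]
        if not 1 <= m < p:
            raise ValueError("message out of range for this ElGamal group")
        k = secrets.randbelow(p - 2) + 1   # fresh ephemeral exponent per message
        return (pow(pub["g"], k, p), m * pow(pub["h"], k, p) % p)
    # The sender can only reach correspondents whose system it implements.
    raise ValueError("unsupported key type: " + pub["type"])

def decrypt(priv, c):
    if priv["type"] == "rsa":
        return pow(c, priv["d"], priv["n"])
    if priv["type"] == "elgamal":
        c1, c2 = c
        shared = pow(c1, priv["x"], priv["p"])
        return c2 * pow(shared, -1, priv["p"]) % priv["p"]
    raise ValueError("unsupported key type: " + priv["type"])

def exchange(m_to_alice, m_to_bob):
    """Alice publishes RSA, Bob publishes ElGamal; each sender follows the addressee."""
    alice_pub, alice_priv = rsa_keygen()
    bob_pub, bob_priv = elgamal_keygen()
    directory = {"alice": alice_pub, "bob": bob_pub}
    to_alice = encrypt(directory["alice"], m_to_alice)   # Bob runs RSA code
    to_bob = encrypt(directory["bob"], m_to_bob)         # Alice runs ElGamal code
    return decrypt(alice_priv, to_alice), decrypt(bob_priv, to_bob)

if __name__ == "__main__":
    print(exchange(1234, 2001))
```

Each direction of the conversation is protected only by the addressee's system, and a published key type the sender does not implement ends in the ValueError branch.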


