<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Sep 8, 2013 at 12:19 PM, Faré <span dir="ltr"><<a href="mailto:fahree@gmail.com" target="_blank">fahree@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Sun, Sep 8, 2013 at 9:42 AM, Phillip Hallam-Baker <<a href="mailto:hallam@gmail.com">hallam@gmail.com</a>> wrote:<br>
> Two caveats on the commentary about a symmetric key algorithm with a<br>
> trapdoor being a public key algorithm.<br>
><br>
> 1) The trapdoor need not be a good public key algorithm, it can be flawed in<br>
> ways that would make it unsuited for use as a public key algorithm. For<br>
> instance being able to compute the private key from the public or deduce the<br>
> private key from multiple messages.<br>
><br>
</div>Then it's not a symmetric key algorithm with a trapdoor, it's just a<br>
broken algorithm.</blockquote><div><br></div><div>But the compromise may only be visible if you have access to some cryptographic technique which we don't currently have. </div><div><br></div><div>The point I am making is that a backdoor in a symmetric function need not be a secure public key system, it could be a breakable one. And that is a much wider class of function than public key cryptosystems. There are many approaches that were tried before RSA and ECC were settled on.</div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
> 2) The trapdoor need not be a perfect decrypt. A trapdoor that reduced the<br>
> search space for brute force search from 128 bits to 64 or only worked on<br>
> some messages would be enough leverage for intercept purposes but make it<br>
> useless as a public key system.<br>
><br>
</div>I suppose the idea is that by using the same trapdoor algorithm or<br>
algorithm family<br>
and doubling the key size (e.g. 3DES style), you get a 256-bit<br>
symmetric key system<br>
that can be broken in 2^128 attempts by someone with the system's private key<br>
but 2^256 by someone without. If in your message you then communicate 128 bits<br>
of information about your symmetric key, the guy with the private key<br>
can easily crack your symmetric key, whereas others just can't.<br>
Therefore that's a great public key cryptography system.<br></blockquote><div><br></div><div>2^128 is still beyond the reach of brute force. </div><div><br></div><div>2^64 and a 128 bit key which is the one we usually use on the other hand... </div>
</div><br clear="all"><div><br></div><div>Perhaps we should do a test, move to 256 bits on a specific date across the net and see if the power consumption rises near the NSA data centers.</div><div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>