A-B-a-b encryption
Steven M. Bellovin
smb at research.att.com
Mon Nov 17 15:58:08 EST 2003
In message <87wua015wz.fsf at snark.piermont.com>, "Perry E.Metzger" writes:
>Hmm. You need a cipher such that given B(A(M)) and A you can get
>B(M). I know of only one with that property -- XOR style stream
>ciphers. Unfortunately that makes for a big flaw, so I'm not sure we
>should throw out our Diffie-Hellman implementations yet.
I believe that Pohlig-Hellman with the same modulus has this property,
too. But I don't recall seeing any analysis if Pohlig-Hellman modulus
reuse has the same failings as RSA with modulus reuse.
--Steve Bellovin, http://www.research.att.com/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list