A-B-a-b encryption

Steven M. Bellovin smb at research.att.com
Mon Nov 17 15:58:08 EST 2003

In message <87wua015wz.fsf at snark.piermont.com>, "Perry E.Metzger" writes:

>Hmm. You need a cipher such that given B(A(M)) and A you can get
>B(M). I know of only one with that property -- XOR style stream
>ciphers. Unfortunately that makes for a big flaw, so I'm not sure we
>should throw out our Diffie-Hellman implementations yet.

I believe that Pohlig-Hellman with the same modulus has this property, 
too.  But I don't recall seeing any analysis if Pohlig-Hellman modulus 
reuse has the same failings as RSA with modulus reuse.

		--Steve Bellovin, http://www.research.att.com/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list