Problems with GPG El Gamal signing keys?
Werner Koch
wk at gnupg.org
Thu Jan 8 08:54:08 EST 2004
On Mon, 1 Dec 2003 11:20:10 -0800, Anton Stiglic said:
> From: "Ralf Senderek" <ralf at senderek.de>
> Maybe we can learn that code re-use is tricky in cryptography: indeed, if
> the signing function and encryption function did not use the same gen_k
> function, the author of the code would have done the optimization that
But duplicates the lines of code and thus introduces another source of
errors. Its aghrd to tell what ebtter. Given that the algorithms for
signing and encryption are really different (compared to RSA) it might
have been better to use separate source files for ElGamal-signing and
ElGamal-encryption and don't view them as similar.
> g = 2 is safe but insecure for signatures... It's just simpler to have two
> distinct pairs of keys.
Sure, that's what OpenPGP strongly suggests. However ElGamal signing
stems from a time before OpenPGP when I tried to replace RSA by
ElGamal and keeping most of the PGP2 format (rfc1991) in place.
> By the way, is the paper by Phong Q. Nguyen describing the vulnerability
> available somewhere? Or maybe someone could describe the cryptanalysis
I don't know, please ask him. Phong dot Nguyen at ens.fr.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list