Public key encrypt-then-sign or sign-then-encrypt?
Mads Rasmussen
mads at lsitec.org.br
Wed Apr 25 14:24:06 EDT 2007
Hugo Krawczyk [1] showed in the symmetric key setting that the
encrypt-then-authenticate was the way to go about securing the integrity
of an encrypted message.
What about the public key setting?
Jee Hea An, Yevgeniy Dodis and Tal Rabin claims that the order doesn't
matter [2]. Encrypt-then-sign or sign-then-encrypt is equally secure.
Is this really true? My feeling was that the principle from Krawczyk's
paper should apply to the public key setting as well.
Did anyone anyone ever publish a follow up to [2] ? I wasn't able to
find any.
Regards,
Mads Rasmussen
[1] Hugo Krawczyk, "The Order of Encryption and Authentication for
Protecting Communications (or: How Secure Is SSL?)". Crypto 2001, pp.
310-331
[2] Jee Hea An, Yevgeniy Dodis and Tal Rabin, "On the Security of Joint
Signature and Encryption", Eurocrypt 2002
--
Mads Rasmussen
LEA - Laboratório de Ensaios e Auditoria
ICP-Brasil
(Brazilian PKI Cryptographic Certification Laboratory)
Office: +55 11 4208 3873
Mobile: +55 11 9407 4493
Mobile: +55 11 9655 8885
Skype: mads_work
http://www.lea.gov.br
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list