[Cryptography] We need a new encryption algorithm competition.

ianG iang at iang.org
Thu Mar 20 09:15:49 EDT 2014


On 20/03/2014 09:32 am, Alexandre Anzala-Yamajako wrote:
>> So for this one, let me repeat myself:  The Goldwasser/Micali/Tong paper
>> shows why you should not encrypt semantically meaningful messages using an
>> asymmetric key system.  The fact that anyone can send a message using the
>> same public key means it's possible to turn the recipient into an oracle
>> for information about the message, which may leak enough information to
>> allow the message to be decrypted.
>>
> 
> Modern definitions of security for asymmetric ciphers *do* provide an
> encryption/decryption oracle to the attacker, which means that PK crypto is
> not brittle in general; some algorithms are extremely fragile and must be
> used with caution (RSA PKCSv1.5 as an example), while others are better,
> since we can prove they achieve a more demanding form of security.



What would be your pick for a non-brittle modern asymmetric cipher?

(Context:  When I had to hack this in -- against my better wishes --
about a year ago, I used the blinded-RSA construct.  I'm not thrilled at
this because the details are way beyond my understanding, but it will do
for now, low levels of value at protection.  I'd love a better way.  My
alternate planned path is to switch to later generation
safecurves.cr.yp.to at some point but that depends on having the
design/intern/paper/reference code to do it, segue to other posts about
TLS/TCP/curveCP/QUIC/....)



iang
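An added illustration of the point the quoted exchange is making (this is constructed example code, not code from either poster or from any project named in the thread): a decryption oracle is fatal for a malleable scheme such as textbook RSA, because a related ciphertext the oracle has never seen before decrypts to a related plaintext, while a scheme that binds integrity to the ciphertext answers every modified query with a bare "reject". The primes, the RSA-KEM-style hybrid and the SHA-256 keystream below are toy constructions chosen for readability, not a recommended scheme; the names `recover_via_oracle`, `kem_encrypt`, `kem_decrypt` and `maul` are this example's own.

```python
import hashlib
import hmac
import secrets

# Toy RSA key (constructed for illustration; primes are far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUB, PRIV = (N, E), (N, D)


def textbook_encrypt(m: int, pub) -> int:
    """Textbook RSA: deterministic, malleable, and carrying no integrity check."""
    n, e = pub
    return pow(m, e, n)


def textbook_decrypt(c: int, priv) -> int:
    n, d = priv
    return pow(c, d, n)


def recover_via_oracle(c: int, pub, oracle) -> int:
    """Why a decryption oracle breaks a malleable scheme.

    The oracle is asked about a *different* ciphertext c' = c * s^e mod n, whose
    plaintext is m * s mod n; dividing out s yields m although c itself was never
    submitted. A CCA-secure scheme must make such related queries useless.
    """
    n, e = pub
    s = 2
    c_prime = (c * pow(s, e, n)) % n
    assert c_prime != c  # the original ciphertext is never shown to the oracle
    m_times_s = oracle(c_prime)
    return (m_times_s * pow(s, -1, n)) % n


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy DEM, constructed here, not a standard)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _derive_keys(r: int):
    # N < 2**64, so the KEM secret always fits in 8 bytes.
    k = hashlib.sha256(r.to_bytes(8, "big")).digest()
    return k[:16], k[16:]


def kem_encrypt(msg: bytes, pub):
    """RSA-KEM style hybrid: encrypt a random r, derive keys from it, encrypt-then-MAC."""
    n, e = pub
    r = secrets.randbelow(n - 2) + 2
    c0 = pow(r, e, n)
    enc_key, mac_key = _derive_keys(r)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(enc_key, len(msg))))
    tag = hmac.new(mac_key, c0.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return c0, ct, tag


def kem_decrypt(packet, priv):
    """Return the plaintext, or None for any packet whose MAC does not verify.

    A decryption oracle built on this reveals only 'reject' for a modified
    ciphertext, which is the property the modern definitions demand.
    """
    n, d = priv
    c0, ct, tag = packet
    r = pow(c0, d, n)
    enc_key, mac_key = _derive_keys(r)
    expected = hmac.new(mac_key, c0.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def maul(packet, pub, s: int = 2):
    """The same multiplicative modification, applied to the KEM part of a hybrid packet."""
    n, e = pub
    c0, ct, tag = packet
    return (c0 * pow(s, e, n)) % n, ct, tag


if __name__ == "__main__":
    c = textbook_encrypt(424242, PUB)
    print("textbook RSA, recovered via oracle:",
          recover_via_oracle(c, PUB, lambda x: textbook_decrypt(x, PRIV)))
    pkt = kem_encrypt(b"hello oracle", PUB)
    print("hybrid, honest packet:", kem_decrypt(pkt, PRIV))
    print("hybrid, mauled packet:", kem_decrypt(maul(pkt, PUB), PRIV))
```

The contrast is the whole point: in the textbook case the oracle's answer to a ciphertext it has never seen is linearly related to the target plaintext, whereas in the hybrid case the derived keys change with any modification of the KEM part and the MAC fails, so the recipient leaks nothing beyond the rejection itself. Real deployments should use a vetted construction (for example RSA-OAEP or an authenticated hybrid scheme from a maintained library) rather than the toy DEM shown here.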

