[Cryptography] We need a new encryption algorithm competition.

Alexandre Anzala-Yamajako anzalaya at gmail.com
Thu Mar 20 09:41:00 EDT 2014

What would be your pick for a non-brittle modern asymmetric cipher?

> (Context:  When I had to hack this in -- against my better wishes --
> about a year ago, I used the blinded-RSA construct.  I'm not thrilled at
> this because the details are way beyond my understanding, but it will do
> for now, low levels of value at protection.  I'd love a better way.  My
> alternate planned path is to switch to later generation
> safecurves.cr.yp.to at some point but that depends on having the
> design/intern/paper/reference code to do it, segway to other posts about
> TLS/TCP/curveCP/QUIC/....)
> iang

As far as I know, a careful, constant-time implementation of RSA-OAEP can
withstand chosen ciphertext attacks in the random oracle model.
In the EC world ECIES is quite common but it's basically asynchronous DH +
symmetric encryption so it might not fit your requirements.

Alexandre Anzala-Yamajako
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140320/91fb807c/attachment.html>

More information about the cryptography mailing list