[Cryptography] composing EC & RSA encryption?

ianG iang at iang.org
Sun Oct 25 18:38:00 EDT 2015


On 25/10/2015 21:46 pm, Jerry Leichter wrote:
>> ...An EC/RSA signing form is easy - just make one signature in RSA and one in EC, and we're done.  At least at a trivial level, this works, although I imagine it might be possible to do better - interesting work for a grad student perhaps.
>>
>> But what about encryption?  Doing that in parallel makes it weaker, it would have to be done in serial....
> Not sure what you're getting at.  The only thing you want to encrypt with a public key is a key for an asymmetric cipher.  Generate two random values, encrypt one with EC, one with RSA; use the XOR of the two as your actual asymmetric key.  As strong as the stronger of the two.


That's it.  Of course.


> Same goes for key agreement.


Right.  Actually someone (Jon?) has in the past suggested that the 
message digest of the two randoms is better than the XOR.  But this is a 
detailed refinement.

So, let's say a WG is arguing as it does for the right to have multiple 
public key algorithms.  "We simply must have ECC and RSA because you 
never know what is going to happen..."

Could we cut that gordian knot by saying, you can have your cake and eat 
it too:

Cake(x) = EC(x) ^ RSA(x)



iang



ps; I'm ignoring the size differences, and assuming that the RSA is 
padded out correctly, etc.


More information about the cryptography mailing list