[Cryptography] composing EC & RSA encryption?
Hanno Böck
hanno at hboeck.de
Mon Oct 26 12:31:07 EDT 2015
On Sun, 25 Oct 2015 12:42:27 +0000
ianG <iang at iang.org> wrote:
> Is it possible / reasonable / practical to compose the two together
> into one algorithm? And thus achieve some sort of agnostic defence
> against future developments that favour a break in one over the other?
I don't see any reasonable evidence that would favor either RSA or ECC
in terms of security, therefore I doubt that it would be reasonable.
There's little that the NSA announcement changes about this.
However if you want to design a crypto system with long term high
security goals it might be reasonable to combine a postquantum system
with a "classic" (meaning RSA or ECC) system.
One of the big worries with postquantum systems is that if you replace
RSA/ECC now with a postquantum alg you may end up less secure because
they're less well tested.
There already has been one attempt to combine a key exchange using both
ecdh and rlwe, however as far as I'm aware that rlwe exchange is
patented and the cryptographers I spoke to have a lot of doubts about
the security of rlwe.
One decision you'd have to make is whether you'd want to choose one of
the highly experimental postquantum systems with nice behaviors or
something conservative which is likely secure, but has extraordinary
big keys or signatures.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151026/005f62b6/attachment.sig>
More information about the cryptography
mailing list