[Ach] Applied Crypto Hardening
Aaron Zauner
azet at azet.org
Wed Dec 11 23:27:44 CET 2013
Hi Christoph,
On 11 Dec 2013, at 20:26, Christoph Mueller <christoph.mueller at gmx.at> wrote:
>
> - In chap. 6 you mentioned: "The security of the RSA and Diffi�e-Hellman algorithms is based on the assumption that factoring
> large primes is infeasable. Likewise the security of ECC is based on the discrete logarithm problem”
> RSA is based on factoring, DH is based on discrete logarithm problem. therefore DH can be transformed into a ECC Version (ECDH) as well as for example DSA to ECDSA.
I wrote the ECC section. Until a week ago it used to state the DLP but failed to mention prime factoring with RSA (https://git.bettercrypto.org/ach-master.git/commitdiff/72b9d678beaa7f3d44a6c566333929f51e30ae87). So I’ve changed that from bad to worse probably - I just couldn’t find the proper wording to get all three (RSA, DH and ECC in one comparison). Feel free to do so.
Bergs suggestion is not bad.
> RSA can not be transformed in that way (there is no ECRSA as some former TU assistant which was concerned with cryptography told me long ago). In http://www.emc.com/emc-plus/rsa-labs/historical/overview-elliptic-curve-cryptosystems.htm it is mentioned that such a thing can exist but then na ECC over a GF(p*q) has to exist, which AFAIK is not possible.
There are actually such things:
http://link.springer.com/chapter/10.1007%2F3-540-48285-7_4#page-1
http://ci.nii.ac.jp/naid/110003297110
Thanks a lot for your contribution and suggestions!
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131211/8c574ba3/attachment.sig>
More information about the Ach
mailing list