[Ach] Applied Crypto Hardening

Aaron Zauner azet at azet.org
Wed Dec 11 23:27:44 CET 2013

Hi Christoph,

On 11 Dec 2013, at 20:26, Christoph Mueller <christoph.mueller at gmx.at> wrote:
> - In chap. 6 you mentioned: "The security of the RSA and Diffie-Hellman algorithms is based on the assumption that factoring
> large primes is infeasable. Likewise the security of ECC is based on the discrete logarithm problem”
> RSA is based on factoring, DH is based on discrete logarithm problem. therefore DH can be transformed into a ECC Version (ECDH) as well as for example DSA to ECDSA.

I wrote the ECC section. Until a week ago it used to state the DLP but failed to mention prime factoring with RSA (https://git.bettercrypto.org/ach-master.git/commitdiff/72b9d678beaa7f3d44a6c566333929f51e30ae87). So I’ve changed that from bad to worse probably - I just couldn’t find the proper wording to get all three (RSA, DH and ECC in one comparison). Feel free to do so.

Bergs suggestion is not bad.

>  RSA can not be transformed in that way (there is no ECRSA as some former TU assistant which was concerned with cryptography told me long ago). In http://www.emc.com/emc-plus/rsa-labs/historical/overview-elliptic-curve-cryptosystems.htm it is mentioned that such a thing can exist but then na ECC over a GF(p*q) has to exist, which AFAIK is not possible.

There are actually such things:

Thanks a lot for your contribution and suggestions!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131211/8c574ba3/attachment.sig>

More information about the Ach mailing list