17 Dec 2003, 11:17 p.m.
Derek Zahn says:
Is there some reason that we shouldn't pick a different public key encryption algorithm than RSA to use as a freely-available standard? The PGP docs imply that "almost" all practical such schemes are patented, implying that some are not.
All are patented in so far as one of the patents covers ALL public key schemes. Some, like Rabin's scheme, have possible technical advantages over RSA. (For the curious, Rabin's scheme is provably equivalent to factoring, whereas RSA is not. Rabin's scheme is, however, vulnerable to chosen plaintext attacks, but adding things like initialization vectors stops that from being a problem.)

Perry
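The "provably equivalent to factoring" property mentioned in the reply, worked through as an added Python example that is not part of the original message. The primes, function names and sample message are constructed for illustration and are far too small for real use.

```python
from math import gcd

# Constructed toy key: both primes are congruent to 3 mod 4, which makes
# square roots modulo each prime a single modular exponentiation.
P, Q = 10007, 10039
N = P * Q


def encrypt(m, n=N):
    """Rabin encryption: squaring modulo the public modulus."""
    return (m * m) % n


def square_roots(c, p=P, q=Q):
    """Rabin decryption: all square roots of c mod p*q, using the private factors."""
    n = p * q
    rp = pow(c, (p + 1) // 4, p)      # a root of c modulo p
    rq = pow(c, (q + 1) // 4, q)      # a root of c modulo q
    inv_q = pow(q, -1, p)             # q^-1 mod p (Python 3.8+)
    inv_p = pow(p, -1, q)             # p^-1 mod q
    roots = set()
    for sp in (rp, p - rp):
        for sq in (rq, q - rq):
            # Chinese remainder theorem: x = sp (mod p), x = sq (mod q)
            roots.add((sp * q * inv_q + sq * p * inv_p) % n)
    return sorted(roots)


def factor_from_roots(x, y, n=N):
    """The reduction: two roots of the same square with x != +-y (mod n)
    give a nontrivial factor of n, so computing roots is as hard as factoring."""
    if (x * x - y * y) % n != 0:
        raise ValueError("x and y are not roots of the same square")
    g = gcd(abs(x - y), n)
    return g if 1 < g < n else None


if __name__ == "__main__":
    m = 123456                        # constructed sample message
    roots = square_roots(encrypt(m))
    other = next(r for r in roots if r not in (m, N - m))
    print("four candidate plaintexts:", roots)
    print("factor recovered from two roots:", factor_from_roots(m, other))
```

Decryption returns four candidates, so a real deployment needs redundancy or padding in the message to pick the right one and to keep a decryptor from handing back arbitrary roots.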