Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
----- Forwarded message from Benjamin Kreuter <brk7bx@virginia.edu> -----

Date: Fri, 6 Sep 2013 11:28:22 -0400
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: John Kelsey <crypto.jmk@gmail.com>
Cc: Jerry Leichter <leichter@lrw.com>, "cryptography@metzdowd.com List" <cryptography@metzdowd.com>, Jon Callas <jon@callas.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.18.9; i686-redhat-linux-gnu)

On Fri, 6 Sep 2013 01:19:10 -0400 John Kelsey <crypto.jmk@gmail.com> wrote:

> I don't see what problem would actually be solved by dropping public key crypto in favor of symmetric only designs. I mean, if the problem is that all public key systems are broken, then yeah, we will have to do something else. But if the problem is bad key generation or bad implementations, those will be with us even after we abandon all the public key stuff.

Not necessarily. A bad implementation of a block cipher will be probably spotted quickly if you need it to interoperate with a good implementation; a bad implementation of a public key cipher might interoperate just fine with good implementations.

Public key systems often have parameters or requirements that affect security without affecting the correctness of encryption or decryption. ElGamal encryption might appear to work even though you are using a group where the DDH assumption does not hold. Elliptic curve systems have even more parameters that need to be set correctly for security.

I am not saying that we should abandon public key cryptography, I am just saying that there are a number of ways for public key systems to go wrong that do not apply to symmetric ciphers.

Just my 2 cents,
Ben

--
Benjamin R Kreuter
UVA Computer Science
brk7bx@virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
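
The ElGamal remark in the forwarded message, as an added example that is not part of the original email or anyone's production code: textbook ElGamal over all of Z_p^* decrypts correctly, yet public values reveal whether the plaintext is a quadratic residue, and a parameter check catches the bad generator. The toy prime 1019, the generators and all function names are constructed for illustration.

```python
import secrets

P = 1019      # constructed toy safe prime, P = 2*Q + 1 (far too small for real use)
Q = 509
G_FULL = 2    # generates all of Z_P^* (order P-1); DDH does not hold here
G_SUB = 4     # generates the prime-order-Q subgroup of quadratic residues

def is_qr(a, p=P):
    """Euler's criterion: True if a is a quadratic residue mod p."""
    return pow(a, (p - 1) // 2, p) == 1

def keygen(g):
    x = secrets.randbelow(P - 2) + 1          # private exponent in 1..P-2
    return x, pow(g, x, P)                    # (private, public)

def encrypt(g, h, m):
    r = secrets.randbelow(P - 2) + 1          # fresh ephemeral exponent
    return pow(g, r, P), (m * pow(h, r, P)) % P

def decrypt(x, c):
    c1, c2 = c
    return (c2 * pow(c1, P - 1 - x, P)) % P   # c2 * c1^(-x) mod P

def guess_message_is_qr(h, c):
    """Passive observer with a full-group generator: uses only public values.

    h = g^x and c1 = g^r are residues exactly when x, r are even, so the
    mask h^r = g^(x*r) is a non-residue only when both h and c1 are.
    """
    c1, c2 = c
    mask_is_qr = is_qr(h) or is_qr(c1)
    return is_qr(c2) == mask_is_qr

def params_ok(p, q, g):
    """Defender's check: g must lie in the order-q subgroup of Z_p^*.

    Assumes p and q were already verified prime by a separate test.
    """
    return p == 2 * q + 1 and g % p not in (0, 1) and pow(g, q, p) == 1

if __name__ == "__main__":
    x, h = keygen(G_FULL)
    c = encrypt(G_FULL, h, 123)
    print("decrypts:", decrypt(x, c) == 123,
          "| leaked residuosity correct:", guess_message_is_qr(h, c) == is_qr(123))
    print("G_FULL accepted:", params_ok(P, Q, G_FULL),
          "| G_SUB accepted:", params_ok(P, Q, G_SUB))
```

With `G_SUB` the leak only closes if plaintexts are also encoded as elements of the order-`Q` subgroup; an arbitrary `m` still exposes its residuosity through `c2`.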