Why RSA?

Perry E. Metzger pmetzger at lehman.com
Tue Sep 21 12:46:34 PDT 1993



Derek Zahn says:
> 
> Is there some reason that we shouldn't pick a different
> public key encryption algorithm than RSA to use as a
> freely-available standard?  The PGP docs imply that "almost"
> all practical such schemes are patented, implying that
> some are not.

All are patented in so far as one of the patents covers ALL public key
schemes. Some, like Rabin's scheme, have possible technical advantages
over RSA.

(For the curious, Rabin's scheme is provably equivalent to factoring,
whereas RSA is not. Rabin's scheme is, however, vulnerable to chosen
plaintext attacks, but adding things like initialization vectors stops
that from being a problem.)

Perry






More information about the cypherpunks-legacy mailing list