1994-07-18 - Re: Probabilistic encryption works!

Header Data

From: solman@MIT.EDU
To: rishab@dxm.ernet.in
Message Hash: 47d7f5c3af5c30e0b23289539d931d9d06105ba0f9ede7b80c4cd379b1dcc17f
Message ID: <9407181819.AA14370@ua.MIT.EDU>
Reply To: <gate.qBgLPc1w165w@dxm.ernet.in>
UTC Datetime: 1994-07-18 18:20:33 UTC
Raw Date: Mon, 18 Jul 94 11:20:33 PDT

Raw message

From: solman@MIT.EDU
Date: Mon, 18 Jul 94 11:20:33 PDT
To: rishab@dxm.ernet.in
Subject: Re: Probabilistic encryption works!
In-Reply-To: <gate.qBgLPc1w165w@dxm.ernet.in>
Message-ID: <9407181819.AA14370@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Congratulations! You've just described the Blum-Goldwasser Efficient
> Probabilistic Public-Key Encryption Scheme, first outlined in Crypto 84.
> Nice description in Schneier, who says it's much faster and more secure
> than any other PK scheme, but can obviously only be used one-way as it's
> vulnerable to a chosen plaintext attack. It would be possible to cook up 
> a protocol to allow for signatures as well, but it'd be tricky.

Is this true? I've given this some thought and I had convinced myself that
the nature of the algorithm makes it fundamentally impossible. You tend
to give away bits of information regardless of how you use it. I'd like
to be wrong though...

JWS




