1993-09-21 - Re: Why RSA?

Header Data

From: “Perry E. Metzger” <pmetzger@lehman.com>
To: derek@cs.wisc.edu (Derek Zahn)
Message Hash: 1b27c0e98fb57c5477281ac9f5ee46df490e207fbb1a5a417f2a1a686d0595a8
Message ID: <9309211943.AA22383@snark.lehman.com>
Reply To: <9309211900.AA15359@lynx.cs.wisc.edu>
UTC Datetime: 1993-09-21 19:46:34 UTC
Raw Date: Tue, 21 Sep 93 12:46:34 PDT

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Tue, 21 Sep 93 12:46:34 PDT
To: derek@cs.wisc.edu (Derek Zahn)
Subject: Re: Why RSA?
In-Reply-To: <9309211900.AA15359@lynx.cs.wisc.edu>
Message-ID: <9309211943.AA22383@snark.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain

Derek Zahn says:
> Is there some reason that we shouldn't pick a different
> public key encryption algorithm than RSA to use as a
> freely-available standard?  The PGP docs imply that "almost"
> all practical such schemes are patented, implying that
> some are not.

All are patented in so far as one of the patents covers ALL public key
schemes. Some, like Rabin's scheme, have possible technical advantages
over RSA.

(For the curious, Rabin's scheme is provably equivalent to factoring,
whereas RSA is not. Rabin's scheme is, however, vulnerable to chosen
plaintext attacks, but adding things like initialization vectors stops
that from being a problem.)