From: Wei Dai <weidai@eskimo.com>
Date: Wed, 24 Apr 1996 14:23:16 -0700 (PDT)
To: Hal <hfinney@shell.portal.com>
Subject: Re: Golden Key Campaign
In-Reply-To: <199604241415.HAA02557@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.93.960424141313.12174A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Hal wrote:

> Rabin encryption would have the advantage that it could be used with
> existing RSA keys as long as the modulus is a Blum modulus.  PGP at least
> has always used Blum moduli, perhaps for this eventuality.  So an
> alternative encryption program could use Rabin encryption and work with
> the existing infrastructure of PGP keys.  It would not of course be
> compatible with PGP for encryption and decryption.
> 
> This doesn't solve the signature problem; I'm not sure if there is a
> signature algorithm which could use RSA public keys but which is not
> covered by the RSA patent.  In any case since PGP key certificates use
> RSA signatures it would not appear to be possible to validate key
> signatures without infringing on the RSA patents, so that cancels out a
> lot of the advantages of using existing PGP keys.

You can do signatures with Rabin too.  I have a version of it in
Crypto++ 2.0.  It's been out for a while and RSA hasn't bothered me about
it.

Does anyone want to explain why, given the alternatives, people continue
to use RSA and pay for it?

Wei Dai