1996-04-25 - Re: Golden Key Campaign

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: frantz@netcom.com (Bill Frantz)
Message Hash: c69a7242289205871df03803489ac4a7e8536f0371d0b74017aa371b9c51e796
Message ID: <199604252118.RAA28185@jekyll.piermont.com>
Reply To: <199604252054.NAA03146@netcom9.netcom.com>
UTC Datetime: 1996-04-25 21:19:33 UTC
Raw Date: Thu, 25 Apr 1996 14:19:33 -0700 (PDT)

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Apr 1996 14:19:33 -0700 (PDT)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Golden Key Campaign
In-Reply-To: <199604252054.NAA03146@netcom9.netcom.com>
Message-ID: <199604252118.RAA28185@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> At  3:27 PM 4/25/96 -0400, Perry E. Metzger wrote:
> >Bill Frantz writes:
> >> I will add to Bill's list:
> >> 
> >> 7) RSA is the best known and vetted of the Public Key algorithms.
> >
> >Not at all, Mr. Frantz. There are no proofs of security associated
> >with RSA. Rabin has excellent proofs that breaking a message is
> >strictly equivalent to factoring.
> 
> I do not equate good vetting with proofs of security.  Given the Verona
> intercepts, I don't think there are any valid proofs of the security of
> complete crypto-systems.

In that case, why do you think that an RSA system would be better
implemented as a matter of necessity than a Rabin system?

> While anyone who can factor RSA keys can break
> RSA, factoring has been intensively studied since RSA was published.  The
> public information says that in spite of improvements, factoring is still a
> hard problem.  If people in Maryland can factor big RSA keys, they're Not
> Saying Anything.

You didn't hear what I said.

There is no proof that RSA is equivalent to factoring -- only a strong
belief. There may exist ways to break RSA that do not involve
factoring. Rabin, however, is provably equivalent to factoring.

> So far, I'll stand by my two contentions:
> 
> 7a) RSA is the best known public key algorithm.

Meaningless and unimportant.

> 7b) RSA is the best vetted public key algorithm.

Again, false. RSA has no proofs of security, and other systems have
far better proofs. RSA also leaks small bits of information like
parity that other systems do not leak. This is not to say that RSA is
bad, but its choice over, say, Rabin, at least for encryption, is
fairly abitrary.

Perry





Thread