vinge@sdcsvax.UUCP (03/11/87)
I have a crypto question. Classically, it seems like any crypto scheme with a fixed size key fails if the enemy has enough plaintext with corresponding ciphertext. With public key encryption, the enemy *by definition* can generate as much plaintext/ciphertext as he wishes. I don't see anyone talk about this, but it seems to me that this puts a real (and low) time limit on how long one can afford to use a given public/private key pair. Comments? -- Vernor Darrell Long Department of Computer Science and Engineering, C-014 University of California, San Diego La Jolla, California 92093 ARPA: Darrell@Beowulf.UCSD.EDU UUCP: sdcsvax!beowulf!darrell
darrell@sdcsvax.UCSD.EDU (Darrell Long) (03/19/87)
> With public key encryption, the enemy *by definition* can generate > as much plaintext/ciphertext as he wishes... > it seems to me that this puts a real (and low) time limit on how > long one can afford to use a given public/private key pair. He can generate as much plaintext/ciphertext as he wishes, but it's not going to *tell* him anything that the public key doesn't already tell him. The whole point of known-plaintext attacks is that they make it easier to tell how the stuff was encrypted. With a public-key system, you already know the encryption technique, and a known-plaintext attack doesn't buy you anything. That's my understanding, anyway -- I'm not an expert on this. The real cryppies hang out :-) in sci.crypt. Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry -- Darrell Long Department of Computer Science & Engineering, UC San Diego, La Jolla CA 92093 ARPA: Darrell@Beowulf.UCSD.EDU UUCP: darrell@sdcsvax.uucp Operating Systems submissions to: mod-os@sdcsvax.uucp