[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Interoperability (was: Death to AH?)
>>>>> "John" == John Harleman <jharleman@certicom.com> writes:
John> There is no order, but there is a well documented strength even
John> between differnent crypto systems. If you accept Dan's approach
John> to variable key-length ciphers, why wouldn't you accpet it for
John> variable key length public-key algorithms?
I assume you meant that there is "a well documented ordering of
strength for the different systems".
If so, I would disagree. Certainly people have voiced the opinion
that ECC with an x bit key is as strong as RSA with a y bit key. But
others have voiced different opinions.
Similarly, you may be able to find opinions on the relative strength
of, say, IDEA, 3DES, and Blowfish, but I don't think you will find
consensus.
On the other hand, I would be surprised to see, for any reasonably
designed cipher, a result that security decreases when the key size
increases. So it appears safe to say there is a partial order, i.e.,
for two ciphers that use the *same* system but different key length,
the one with the larger key has security >= that of the one with the
smaller key. But I don't agree you can do anything analogous when the
ciphers are from different systems -- whether the systems are
symmetric or asymmetric.
paul
----------------
...
Dan> And where in the scale do you add new groups or groups of
Dan> different types-- elliptic curve vs. prime modulus?
John> I think you have to leave that one out. The reason is that,
John> unlike all the other examples, there is no clear order among
John> these. That indeed is the problem with the group number: it
John> only has a partial order.
John> paul
References: