[cryptography] cryptography: 576-bit ECC ....novel uses of key....Asymmetric....Symmetric group key....

Joseph Tag joseph.g.tag at gmail.com
Sun Nov 4 12:46:24 EST 2012

Hello. I am still interested in the concept of using 576-bit keys,
composed of 9 parts of 64-bit keys, and applied and mixed by SHA-256
or SHA-3.


Message: 1
Date: Sun, 04 Nov 2012 15:03:56 +1300
From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
To: cryptography at randombit.net, jon at callas.org
Subject: Re: [cryptography] Why using asymmetric crypto like symmetric
        crypto isn't secure
Message-ID: <E1TUpZ6-0002cU-60 at login01.fos.auckland.ac.nz>

Jon Callas <jon at callas.org> writes:

>Which immediately prompts the question of "what if it's long or secret?" [1]
>This attack doesn't work on that.

The "asymmetric-as-symmetric" was proposed about a decade ago as a means of
protecting against new factorisation attacks, and was deployed as a commercial
product.  I don't recall them keeping the exponent secret because there wasn't
any need to... until now that is.  So I think Taral's comment about not using
crypto in novel ways is quite apropos here, the asymm-as-sym concept only
protected you against the emergence of novel factorisation attacks (or the use
of standard factorisation attacks on too-short keys) as long as no-one
bothered trying to attack the public-key-hiding itself.

>If you believe that the only attack against RSA is factoring the modulus,
>then you can be seduced into thinking that hiding the modulus makes the
>attacker's job harder.

Yup, and that was the flaw in the reasoning behind the keep-the-public-key-
secret system.  So this is a nice textbook illustration of why not to use crypto
in novel ways based purely on intuition.


[1] Not my footnote.
