[cryptography] Using same key for ECDSA and ECIES

Paterson, Kenny Kenny.Paterson at rhul.ac.uk
Fri Sep 20 11:17:15 EDT 2013


Hi 

On 20/09/2013 16:07, "Alan Braggins" <alan.braggins at gmail.com> wrote:

>On 20/09/13 13:22, Dominik Schürmann wrote:
>> I am wondering if it is okay to use the same asymmetric ECC key for
>> ECDSA and ECIES. Given that the signing and encryption algorithms are
>> not related like in RSA, I assume it is okay to use the same key for
>> both operations.
>>
>> Are there any things I need to pay attention to when combining both
>> schemes using same keys? Can Bob decrypt messages by forcing Alice to
>> sign messages? (as in naive RSA implementations).
>
>Even if it's technically secure (and I suspect it isn't), in some
>legislations you can be compelled to hand over a decryption key,
>or a dual use key, but not a signature _only_ key.
>http://www.legislation.gov.uk/ukpga/2000/23/section/49/enacted (9)
>
>So at least in some use cases, it's better to keep the signature key
>as a signature only key.


It is "technically secure". See:

http://eprint.iacr.org/2011/615


especially Section 4.

Even so, I would not recommend this approach unless you absolutely have to
use it.

Cheers

Kenny




More information about the cryptography mailing list