Security Basics mailing list archives
Re: Signing before Encryption and Signing after Encryption
From: "Gregory Rubin" <grrubin () gmail com>
Date: Wed, 22 Mar 2006 12:15:26 -0800
On 3/22/06, David Gillett <gillettdavid () fhda edu> wrote:
Good points. If both asymmetric keys are used, the private key needs to be used first (for the same reasons that signing should be done first). [Hmmm. This only works if the encryption is NOT transitive, ie F(k1,F(k2,t)) <> F(k2,F(k1,t)). I don't recall seeing this property discussed as a characteristic of encryption algorithms, so I'm not sure whether it's taken for granted, or relatively rare.]
I've never heard of a modern "secure" encryption scheme that is also transitive (with the sole, trivial, exception of one time XOR pads of sufficient length). If they were, then the following method could be used to securely transmit messages. Message = M Alice encrypts the message with her key -> A(M) and sends it to Bob. Bob encrypts the message with his key -> B(A(M)) and sends it back to Alice Since the encryption is transitive, B(A(M)) == A(B(M)), so Alice decrypts it and sends it back to Bob -> B(M) Bob decrypts the message and reads the plaintext. M While this is clearly impractical for large messages, it would seem to be a simple way to achieve secure key-exchange over an insecure network. Definitely simpler than DH.
If the signing is done over the whole message and not just the hash, you no longer need to include the original text, so the message size shrinks back to the original, not double. (But that's with the overhead of two asymmetric encryptions, so you get to trade CPU load against message inflation.)
Ok, that's two obvious things that I missed today. Clearly I need to do more crypto. I'm out of practice. Greg Rubin --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Signing before Encryption and Signing after Encryption shyaam (Mar 21)
- RE: Signing before Encryption and Signing after Encryption Adrian Floarea (Mar 21)
- RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 21)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 21)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 21)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 22)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 24)
- RE: MS Windows Hidden Shares Jeffrey Smith (Mar 27)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 21)
- <Possible follow-ups>
- RE: Signing before Encryption and Signing after Encryption Craig Wright (Mar 22)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
- RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Greg Rubin (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 22)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)