11

If we wished to, is there a comprehensive alternative to RSA?

I say comprehensive as I wonder if there is one which does both encryption and digital signature like RSA?

If not, simply what alternatives are there?

Ali
  • When you say "does both encryption and digital signature" what do you mean? You mean a single key can support both operations? – mikeazo Nov 30 '15 at 14:14
  • Group based crypto (elliptic curves and finite fields) supports both signing (DSA, Schnorr, etc.) and encryption (ECIES/DLIES). But using a single key for both may not be the best idea (just like it may not be the best idea with RSA). – CodesInChaos Nov 30 '15 at 14:15
  • @mikeazo Sorry, I mean you don't have to use a separate algorithm to sign the message – Ali Nov 30 '15 at 14:19
  • Additionally I think Rabin will also allow for encryption / decryption / verification / signature similarly to RSA, although you may need to use Rabin-Williams for signature. – SEJPM Nov 30 '15 at 14:21
  • In practice, you do use a separate algorithm for signing vs encryption for RSA as we have some pre-processing we must do for security and practicality reasons. For example, we typically hash the message first and add some padding. – mikeazo Nov 30 '15 at 14:57
  • RSA is the only known trapdoor permutation, so in that sense there isn't a comprehensive alternative. – pg1989 Nov 30 '15 at 17:40
  • Raw Rabin isn't, since the squaring map in Z/NZ is four-to-one. – pg1989 Nov 30 '15 at 17:58
  • I got curious too - check section 2.3.5: http://cseweb.ucsd.edu/~mihir/papers/gb.pdf – pg1989 Nov 30 '15 at 18:03
  • @pg1989 Speaking just about alternatives in general, is there one which is not dependent on the fact that such big numbers cannot be factored? I believe Rabin is also dependent on this. – Ali Dec 01 '15 at 14:39

1 Answer

4

Yes.

You can use RSA for both signatures and encryption, but you need different algorithms for that. E.g. RSAES-OAEP is an encryption algorithm, while RSASSA-PSS is a signature algorithm. Both use the RSA cryptosystem and have similar keys, but otherwise the algorithms differ. Textbook RSA has the "same" algorithm for both but is not secure.

There are alternatives where something similar is possible. Elliptic curves are the most practical and widely used option. The same curve can be used for encryption (e.g. ECIES) and signatures (e.g. ECDSA).

Note that using the same key-pair for both encryption and signatures is not necessarily secure, even if the algorithms allow it. So in practice you could use completely different algorithms for signatures and encryption without too much overhead, but you may save e.g. code size by using related algorithms for both. And you may rely on fewer hardness assumptions that way.

otus
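The arrangement the answer above describes (one curve, two algorithms, separate key pairs), as an added example that is not part of the original answer. It assumes the pyca/cryptography package and P-256; the ECDH + HKDF + AES-GCM hybrid stands in for ECIES and is not a standards-conformant ECIES encoding, and all function names are hypothetical.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE = ec.SECP256R1()  # one curve shared by both schemes (assumed choice)
POINT_LEN = 65          # uncompressed P-256 point: 0x04 || X || Y

def new_keypair():
    return ec.generate_private_key(CURVE)

def _kdf(shared, eph_pub):
    # Bind the ephemeral public key into the derived symmetric key.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"demo-ecies" + eph_pub).derive(shared)

def encrypt(recipient_pub, plaintext):
    eph = new_keypair()  # fresh ephemeral key for every message
    eph_pub = eph.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
    key = _kdf(eph.exchange(ec.ECDH(), recipient_pub), eph_pub)
    nonce = os.urandom(12)
    return eph_pub + nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def decrypt(recipient_priv, blob):
    eph_pub, nonce = blob[:POINT_LEN], blob[POINT_LEN:POINT_LEN + 12]
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, eph_pub)
    key = _kdf(recipient_priv.exchange(ec.ECDH(), peer), eph_pub)
    # Raises InvalidTag if the blob was modified.
    return AESGCM(key).decrypt(nonce, blob[POINT_LEN + 12:], None)

def sign(signing_priv, message):
    return signing_priv.sign(message, ec.ECDSA(hashes.SHA256()))

def verify(signing_pub, message, signature):
    try:
        signing_pub.verify(signature, message, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False

def demo():
    sig_key, enc_key = new_keypair(), new_keypair()  # separate key pairs
    msg = b"constructed sample message"
    blob = encrypt(enc_key.public_key(), msg)
    ok = verify(sig_key.public_key(), msg, sign(sig_key, msg))
    return decrypt(enc_key, blob), ok
```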