Ellipse-based Email Encryption
madlinguist writes: "Researchers connected with Stanford's Applied Crypto Group have developed a new method of identity-based encryption from spending too much time with ellipses. Named after two of the researchers, the Boneh-Franklin project was presented at Crypto 2001, where these researchers encouraged the crypto community to crack their open-source system. Best of all, the project's homepage allows you to try it on your own email address."
Sounds cool, but is it as secure as something like GPG? In GPG we are using 2048-bit keys routinely, and I find it hard to figure how a key the length of your email address would be as secure. It may however become more popular than GPG because you don't have to go and download someone's private key.
Alright, take everything I say with a few bytes of salt--One should read the paper before drawing any strong conclusions.
However, from a cursory reading I have some concerns. The security seems to rely on the difficulty of discrete division in a finite field. In other words, your public key is a hash of your email address, P, and your private key is xP where x is a secret known only to the key generator. Figuring out x from P and xP is said to be hard. All well and good (assuming my number theory is up to date).
However, the problem is that if x is compromised by anyone in the system, everyone's private key is compromised. In other words, you have to trust the key generating site not to be hacked, invaded by the FBI, or just be evil in general.
Not only that, but the security of the system relies on deriving x from xP and P being hard. Even if this is hard in the general case, I worry about weak keys. For example, if one can find a string whose hash is 1 and feed it to the site, then one gets back x*P = x*1 = x and the entire system is compromised. Supposedly the IBE paper addresses this, but I found the PDF corrupted.
You aren't in control of all your secrets in this protocol and hence you are not secure.
Cool idea, nonetheless.
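The key structure described in the comment above (public key hashed from the address, private key equal to x times that point), as an added example that is not part of the original thread or of the Boneh-Franklin code. It assumes a demo curve y^2 = x^3 + 1 over the NIST P-384 field prime, SHA-256 as the hash, and the hypothetical helper names `public_key` and `extract`; no pairing or encryption is implemented, only the derivation that lets the holder of x produce every user's private key.

```python
import hashlib
import secrets

# Assumed demo parameters (not taken from the paper): curve y^2 = x^3 + 1 over F_P.
# P is the NIST P-384 field prime, chosen only because P % 3 == 2, which gives
# every field element exactly one cube root.
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
assert P % 3 == 2

def on_curve(pt):
    # None stands for the point at infinity (group identity).
    return pt is None or (pt[1] ** 2 - pt[0] ** 3 - 1) % P == 0

def add(a, b):
    """Affine point addition, including doubling and inverse points."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b (covers doubling when y == 0)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def public_key(identity):
    """Anyone can compute this: hash the address to y, then x = cbrt(y^2 - 1)."""
    y = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % P
    return (pow(y * y - 1, (2 * P - 1) // 3, P), y)

def extract(master_secret, identity):
    """Only the key generator can compute this: private key = x * public key."""
    return mul(master_secret, public_key(identity))

if __name__ == "__main__":
    x = secrets.randbelow(P - 1) + 1     # the single secret held by the key generator
    for addr in ("alice@example.com", "bob@example.com"):   # constructed addresses
        print(addr, hex(extract(x, addr)[0])[:18] + "...")
```

Whoever holds `x` can call `extract` for any address, which is the trust placed in the key generator that the comment objects to.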