Ellipse-based Email Encryption

madlinguist writes: "Researchers connected with Stanford's Applied Crypto Group have developed a new method of identity-based encryption from spending too much time with ellipses. Named after two of the researchers, the Boneh-Franklin project was presented at Crypto 2001, where these researchers encouraged the crypto community to crack their open-source system. Best of all, the project's homepage allows you to try it on your own email address."

It has nothing to do with ellipses

[SIGFPE]

It uses elliptic curve crypto. It has nothing to do with ellipses. Elliptic curves are not ellipses and have absolutely nothing to do with ellipses. OK - they do have a historical connection with ellipses because elliptic curves arise out of the study of elliptic functions and elliptic functions can be used to find the arc-length of an ellipse. But really the use of the word 'elliptic' is just a historical accident.

Smells like snake oil from here

[bhurt]

If both the private and public key are calculated from the same publically available peice of knowledge (the email address), how do you keep the private key *private*? I am as capable as anyone of feeding "rms@fsf.org", "hemos@slashdot.org", or "billg@microsoft.com" into the algorithm as Richard Stallman, Hemos, or Bill Gates are. This gives me the ability to impersonate any of those people.

The whole idea of a private key is that it's *private*, i.e. only I know it, and no one else can figure it out from the publically available information about me.