From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jan Kara <jack@suse.cz>
Cc: Luis Rodriguez <mcgrof@gmail.com>,
"ksummit-discuss@lists.linuxfoundation.org"
<ksummit-discuss@lists.linuxfoundation.org>,
Kyle McMartin <jkkm@jkkm.org>
Subject: Re: [Ksummit-discuss] [TECH TOPIC] Firmware signing
Date: Thu, 13 Aug 2015 07:01:09 -0700
Message-ID: <1439474469.2222.21.camel@HansenPartnership.com>
In-Reply-To: <20150813070308.GA26599@quack.suse.cz>
On Thu, 2015-08-13 at 09:03 +0200, Jan Kara wrote:
> On Wed 12-08-15 12:59:51, James Bottomley wrote:
> > On Wed, 2015-08-12 at 12:45 -0700, Andy Lutomirski wrote:
> > > On Wed, Aug 12, 2015 at 12:43 PM, James Bottomley
> > > <James.Bottomley@hansenpartnership.com> wrote:
> > > > On Wed, 2015-08-12 at 12:25 -0700, Andy Lutomirski wrote:
> > > >> All that's moot, though. IMO the only reason we should support RSA
> > > >> here is if there are vendor keys already out there (or Authenticode,
> > > >> sigh) that use RSA. RSA keys and signatures are rather large.
> > > >
> > > > In either case security rests on the discrete log problem.
> > >
> > > RSA is based on factoring, not discrete log.
> >
> > Security is based on the discrete log: RSA relates the private to the
> > public key via an inverse operation: if you can solve the discrete log
> > problem, you can recover the private key from just the public key. If
> > you can factor n in RSA, you can also recover the public key. It is a
> > theorem that these two problems are effectively equivalent.
>
> As the reference Andy gave explains, it depends on the exact definition of
> the "discrete log problem". The discrete log operation can be defined for an
> arbitrary group. Knowing how to solve the discrete log problem for some groups
> (e.g. for Z_p where p is a prime) doesn't easily give you a way to infer
> private RSA key from a public one. If you can solve discrete log for
> Z_{p*q}, then yes, you can break RSA as well.
The conjecture is that the discrete log problem is solved for a prime
ring. (Solved means algorithmically feasible with current computers and
ring sizes). The ring used for RSA, as you point out, is p*q, which is
actually a composite Z_p \otimes Z_q (RSA chooses p and q to be
similarly sized). All the currently known algorithms are exponential
(or worse) in the ring order (well, except Shor's algorithm which
depends on the invention of a quantum computer; Shor's algorithm, by the
way, is polynomial in log order, so the size of the ring becomes a lot
less material, which is why the invention of a quantum computer signals
a disaster in all our current security systems).
It's possible there's an undiscovered classical algorithm that only
works for primes with certain characteristics, but that's speculation.
James
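The point James and Jan are arguing over can be made concrete with a toy computation. The block below is an added example, not code from this thread or from the kernel's firmware-signing work; the primes, public exponent and "firmware digest" are constructed values, far too small to be secure, chosen so the arithmetic is easy to follow. It shows both directions of the equivalence James refers to: factoring n yields the private exponent d at once, and conversely knowing d lets you factor n by the standard nontrivial-square-root-of-one argument. The defensive takeaway for a firmware-signing design is that an RSA key is at most as strong as factoring its modulus, so modulus size, not the choice of exponent, governs how long a signing key can be trusted.

```python
"""Toy RSA: factoring n and recovering the private exponent d are interchangeable.

Added illustration, not code from the thread.  All parameters are constructed and
absurdly small so the arithmetic is visible; real keys use a 2048-bit n or larger.
"""
import math
import random

# Constructed toy parameters (assumption: illustration only, not secure).
P, Q, E = 61, 53, 17


def keygen(p, q, e):
    """Textbook RSA key generation: returns (n, e, d) for primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return n, e, pow(e, -1, phi)  # modular inverse (Python 3.8+)


def private_exponent_from_factors(n, e, p, q):
    """Direction 1: whoever can factor n gets d from the public key (n, e) alone."""
    if p * q != n:
        raise ValueError("p and q are not the factors of n")
    return pow(e, -1, (p - 1) * (q - 1))


def factor_from_private_exponent(n, e, d, seed=1):
    """Direction 2: the private exponent d (with e) yields the factorization of n.

    e*d - 1 is a multiple of the group order, so a^(e*d - 1) == 1 (mod n) for any
    a coprime to n.  Write e*d - 1 = 2^s * t with t odd and walk a^t, a^(2t), ...:
    for at least half of all a this passes through a square root of 1 that is
    neither 1 nor -1 mod n, and gcd(x - 1, n) is then a proper factor of n.
    """
    k = e * d - 1
    s, t = 0, k
    while t % 2 == 0:
        s, t = s + 1, t // 2
    rng = random.Random(seed)  # seeded so the demo is reproducible
    for _ in range(100):  # each trial succeeds with probability >= 1/2
        a = rng.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g != 1:  # a shares a factor with n: done already
            return tuple(sorted((g, n // g)))
        x = pow(a, t, n)
        if x in (1, n - 1):
            continue  # this a reaches 1 only through -1; try another
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:  # x is a nontrivial square root of 1 mod n
                g = math.gcd(x - 1, n)
                return tuple(sorted((g, n // g)))
            if y == n - 1:
                break  # reaches 1 via -1: no factor from this a
            x = y
    raise RuntimeError("no factor found: (n, e, d) is probably not a valid RSA key")


def sign(m, n, d):
    """Textbook RSA signature on an integer m < n (no padding; illustration only)."""
    return pow(m, d, n)


def verify(m, sig, n, e):
    """Textbook RSA verification: the signature must exponentiate back to m."""
    return pow(sig, e, n) == m


def demo():
    """Run both directions on the toy key and check a signature made with the recovered d."""
    n, e, d = keygen(P, Q, E)
    d_recovered = private_exponent_from_factors(n, e, P, Q)
    p_recovered, q_recovered = factor_from_private_exponent(n, e, d)
    firmware_digest = 0x2A5  # constructed stand-in for a hash of a firmware image
    sig = sign(firmware_digest, n, d_recovered)
    return {
        "n": n,
        "d": d,
        "d_recovered": d_recovered,
        "factors_recovered": (p_recovered, q_recovered),
        "signature_with_recovered_d_verifies": verify(firmware_digest, sig, n, e),
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints the original and recovered private exponent (they match), the factors recovered from d alone, and confirms that a signature produced with the recovered exponent verifies under the public key. The second direction is the reason a leaked or weak private exponent is equivalent to a leaked modulus factorization: there is no way to "partially" compromise a textbook RSA key.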