DH/DSS vs ElGame/DSS?
David Shaw
dshaw at jabberwocky.com
Fri Apr 24 15:04:58 CEST 2009
On Apr 24, 2009, at 7:50 AM, Robert J. Hansen wrote:
> allen.schultz at gmail.com wrote:
>> What is the difference between DH/DSS and ElGamel/DSS? I was
>> reading up
>> on S/MIME v3 and PGP/MIME differences when that came up.
>
> I don't know how it's used in the S/MIME standard. However, the
> Elgamal
> encryption algorithm is often misnamed the Diffie-Hellman encryption
> algorithm.
>
> The DH key exchange algorithm (DHKEA) came first, way back in the
> '70s.
> Then an Egyptian-American named Taher Elgamal did some groundbreaking
> work in generalizing DHKEA, discovering the mathematical roots of
> why it
> worked as well as it does, and in the process developed a whole family
> of algorithms. This family is often called the "Elgamal family." He
> also developed the Elgamal encryption and signing algorithms.
>
> It is my understanding that the correct name for what OpenPGP uses is
> the Elgamal encryption algorithm. I don't know why PGP Corporation
> calls it Diffie-Hellman encryption; it seems to be an idiosyncratic
> usage.
It's historical. Back in the late 1990s, the PGP developers were
offered a free patent license if they called it Diffie-Hellman. Now
that the patent has expired, though, it's a little hard to change
their product without confusing a bunch of customers who would see
their "Diffie-Hellman" keys suddenly become "Elgamal" keys.
David
More information about the Gnupg-users
mailing list