DSA2

[David Shaw]

On Wed, Sep 27, 2006 at 12:33:38AM +0200, Carlo Luciano Bianco wrote:

> >> So my point is: what is the real advantage of "DSA2" over RSA
> >> (if any, beside being the US standard)? 
> > 
> > Smaller signatures, for one.  Try making a 3072-bit key/256-bit
> > hash with DSA and RSA.  The RSA signature is much larger.
> 
> Yes, as I replied to Qed, this is a good point which I did not
> consider. Actually, I noticed this "enlargement" when I switched
> from my old DSA-1024/ElG-4096 key to my new RSA-4096/RSA-4096 one.
> But, at that time, I thought it was mainly due to the different key
> and hash sizes, not to the algorithm itself... 

It's due to both, actually.  The RSA signature size is tied to the
size of the key.  The DSA signature size is tied to the size of the
hash used (and remember that DSA can accept truncated hashes).

David