DSA and ECC (was: Looking for Elgamal sign+encrypt key information)

Werner Koch wk at gnupg.org
Tue Mar 23 09:34:58 CET 2004

On Sun, 21 Mar 2004 21:01:17 -0700, Kurt Fitzner said:

> Perhaps.  I wouldn't go adding ECDSA just for coolness factor.  But,

There is one reason I can see for adding ECDSA: Smartcards
implementing ECC are far cheaper than usable cards with RSA (something
like 4 compared to 12 Euro).  ECC can be implemented on cards without
a NPU required for fast RSA operations. 

We discussed ECC in the WG some time ago and the consensus was that
there is no need for ECC in OpenPGP because ECC does not give an
advantage on todays general purpose computers.

As it happens, an experimental patch to GnuPG to provide ECDH and
ECDSA as experimental algorithms has just been posted to gnupg-devel;
see http://alumnes.eup.udl.es/~d4372211/index.en.html .

> I really don't know how much of an issue this would be.  Is the
> incorporation of DSS important to GnuPG and OpenPGP?  How much of the

Yes, it is a MUST algorithm (DSA+SHA1).

> reasoning for incorporating DSA was that it was a standard, and how
> much of it was because of RSA's patent?  These are questions I don't

The reason to use DSA was due to the RSA patent of course.  DSA has
also the advantage of yielding a small signature.


More information about the Gnupg-users mailing list