One Key to Rule Them All

We show how to specify an elliptic curve public key, RSA public key and DSA public key all in a single 2048 bit block. The method gives a wide choice of nite elds and curves for use in the ECC system and introduces no known security weaknesses. The method hence allows algorithm type to be decided at run time, rather than at the time the public keys are distributed. However, this is done without the need for very large key lengths. Suppose Alice wishes to publish her public key in some directory, so that someone else, say Bob, can verify Alice's digital signatures, or send Alice secret messages. At present Alice rst has to decide on which of the three standard public key algorithms to use: RSA, DSA or ECC. Given this Alice then passes to the directory, or CA, the bit pattern which represents her public key for that given algorithm. If Alice wished to keep the choice of algorithm open, until the key was actually used, then she would need to give the bit patterns of three independent public keys. Such a situation could arise where we do not know how the public key is to be used. For example, if Bob is going to verify signatures from Alice, or send messages to Alice, using a small constrained device then RSA is probably to be preferred as the public key operations are much faster with RSA. If however, Alice's operations, whether signing or decryption, are to be performed on a small constrained device then ECC is probably to be the preferred option. There may even be some situations where DSA is the preferred option. In any case if Alice wishes to make available all three public keys in the directory then, with current recommendations for key sizes, she will require 1024 bits to specify her RSA key, another 1024 bits to specify her DSA key (assuming a preagreed nite eld is used) and another 170 bits to specify an ECC public key (assuming a preagreed curve is used). Hence a total of 2218 bits are required. If the system require that users should use di erent nite elds for DSA or di erent curves for ECC then the number of bits required increases, to at least 3500. In fact Alice may prefer to use elliptic curves over odd characteristic elds, since Alice may be using a PC based environment to perform her operations in. Whilst another user may prefer elliptic curves over even characteristic elds, since they may be using a dedicated hardware device. It is also known that using the same nite eld for DSA over a large number of users creates an attractive weakness which could be exploited by an admittedly rich adversary. If all three keys where stored in their standardized ASN.1 notation then the amount of storage required would be even larger. Another problem with using separate keys occurs in the (admittedly) unlikely event that one of the three main public key algorithms falls to an as yet unknown attack. If this \doomsday" scenario occurred then all public keys and the associated public key infrastructure would need to be revoked and redeployed for all keys which used the given public key algorithm. If however a public key was used which did