Difference signature / asymetric encryption (PQC)

cn flag

The NIST is currently trying to select new standards for post-quantum cryptography. The two main categories for the candidates are "Public-key Encryption and Key-establishment Algorithms" and "Digital Signature Algorithms".

The signature algorithms are based on public-key encryption algorithms. Thus, why to separate these two categories ? Is it a matter of implementation, or of performance maybe ?

ng flag

The question's statement

The signature algorithms are based on public-key encryption algorithms

goes straight against accepted wisdom. Which is that signature and public-key encryption are separate beasts, and we know no general way to build¹ the former from the later, or vice versa.

This explains the two categories “Public-key Encryption and Key-establishment Algorithms” and “Digital Signature Algorithms”.

¹ Sure, we can build both kinds from trapdoor permutations. The standard examples are RSA signature like RSASSA-PSS and RSA encryption like RSAES-OAEP, both built from the textbook RSA trapdoor permutation of $[0,n)$ per $x\mapsto x^e\bmod n$. But there are many other useful constructions of signature and public-key encryption.

vu flag

Like fgrieu said, not all public-key algorithms are based on bijective trapdoor permutations.

If the standardization effort looked for a general-purpose bijective permutation, then we may very probably miss some special-purpose constructs that're more efficient when designed specifically for PKE/KEM or DSS.

I mean, designing something that fits the need of both functions may make the result significantly less efficient.


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.