True or false: "With all asymmetric algorithms, you can both sign and encrypt."
False — there are pure signature algorithms (DSA, Schnorr, Nyberg-Rueppel) that cannot encrypt. Only RSA and ElGamal support both signing and encryption.
Why some algorithms can't encrypt:
- DSA was designed by NIST specifically as a signature-only scheme — partly to avoid RSA's patents, partly as a design choice
- Schnorr and Nyberg-Rueppel are also signature-only by design
- Their mathematical structure computes a verification value, not a ciphertext that can be reversed
The related misconception: "For all asymmetric algorithms, signing is the same operation as encrypting" — also FALSE. This is only true for RSA, where $s = m^d$ (sign) looks like the reverse of $c = m^e$ (encrypt). For all other algorithms, signing and encrypting use fundamentally different computations.
Another subtle distinction: "Signing with the private key" and "encrypting with the private key" are NOT equivalent. Signing produces a value anyone can verify. "Encrypting" with a private key is a misleading description — it doesn't provide confidentiality since anyone with the public key can "decrypt" it.
Go deeper:
Public-key cryptography — signing vs encrypting — separate diagrams for the two operations, showing why "sign" and "encrypt with the private key" are not the same thing.