anonymous DH & MITM
Zooko O'Whielacronx
zooko at zooko.com
Sat Oct 4 07:46:12 EDT 2003
(about the Interlock Protocol)
Benja wrote:
>
> The basic idea is that Alice sends *half* of her ciphertext, then Bob
> *half* of his, then Alice sends the other half and Bob sends the other
> half (each step is started only after the previous one was completed).
> The point is that having only half of the first ciphertext, Mitch can't
> decrypt it, and thus not pass on the correct thing to Bob in the first
> step and to Alice in the second, so both can actually be sure to have
> the public key of the person that made the other move.
That sounds like an accurate summary to me.
I think that the important thing is that the first message commits the sender
to the contents while withholding knowledge of the contents from the recipient.
The second message reveals the contents to the recipient.
The fact that this is implemented by sending half of the ciphertext at a time
seems peripheral. The same qualities would arise if this were implemented
with a different commitment protocol, such as sending a secure hash of the
tuple of (my_message, a_random_nonce).
Regards,
Zooko
http://zooko.com/log.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list