Key Pair Agreement?
David Wagner
daw at mozart.cs.berkeley.edu
Mon Jan 20 17:18:06 EST 2003
Jeroen C. van Gelderen wrote:
>Here is a scenario: Scott wants Alice to generate a key pair after
>which he will receive Alice's public key. At the same time, Scott wants
>to make sure that this key pair is newly generated (has not been used
>before).
You might be able to have Scott specify a 64-bit string, and then ask
Alice to come up with a RSA public key that has this string as its low
64 bits. I believe it is straightforward to modify the RSA key generation
algorithm to generate keypairs of the desired form.
If you're worried about the security of allowing Scott to choose the
low bits of Alice's public key, you could have Scott and Alice perform
a joint coin-flipping protocol to select a random 64-bit string that
neither can control, then proceed as before.
I haven't worked out all the details, but something like this might
be workable.
In practice, you might also want to confirm that Alice knows her private
key (i.e., has ability to decrypt messages encrypted under her public
key).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list