Key Pair Agreement?

[Hal Finney]

Another problem with this problem is that there are trivial solutions
because it is difficult to ensure that SEED1 is functionally essential
in the public key.  For example, generate a public key PK using a
normal method, and define the new public key PK' = (PK, SEED1).  Then to
encrypt to PK' the rule is to use the regular public key encryption to PK.
Technically PK' satisfies the requirements, but SEED1 plays no functional
role in the key.

I don't know if it would be possible to add a formal specification to make
sure that SEED1 plays an important role.  That seems hard to formalize.
And there might still be trivial solutions where SEED1 plays a very
small role.

Hal

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com