Roundtrip Blinding (was: A-B-a-b encryption)
bear
bear at sonic.net
Sun Nov 16 12:44:16 EST 2003
On Fri, 14 Nov 2003, martin f krafft wrote:
>it came up lately in a discussion, and I couldn't put a name to it:
>a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
>Are there algorithms for this already? What's the scheme called?
>I searched Schneier (non-extensively) but couldn't find a reference.
This is a roundtrip blinding message protocol.
First of all, you mean asymmetric crypto (where encryption
key != decryption key).
The problem with this is that there are very few encryption
algorithms that this will work with and all the ones I know
have serious problems in modes where this is possible. In
general,
decrypt(a, encrypt(b, encrypt(a, M))) != encrypt(b, M)
in most secure cipher systems.
RSA will do this - but in modes where stunts like this are
possible, it means you're using "straight" RSA -- ie, without
padding the blocks with randomness. And this leaves RSA open
to some types of attacks that are very difficult to allow for
in a secure system. Where RSA is used in this mode (for blinding
digital cash, etc) it is used in a very stylized and restricted
way, blinding "tokens" whose interpretation and use is very
limited.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list