A-B-a-b encryption
Peter Fairbrother
zenadsl6186 at zen.co.uk
Tue Nov 18 00:47:08 EST 2003
martin f krafft wrote:
> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
> Are there algorithms for this already? What's the scheme called?
> I searched Schneier (non-extensively) but couldn't find a reference.
>
> Thanks,
The protocol is called the Shamir three-pass protocol. It needs a
commutative cipher.
Probably the only cipher that it can be securely used with is called the
Pohlig-Hellman cipher, a simple exponentiating cipher over Zp.
Whether it's a symmetric cipher is a matter of precise definition, though
despite the encryption and decryption keys being different I would consider
it such. A better term might be a secret-key cipher. It's quite easy to find
the decryption key d from the encryption key e:
d*e = 1 mod (p-1)
C = M^e mod p
M = C^d mod p
p should be a "safe" (= 2q+1, q prime) prime, and all keys used should be
odd and !=q. There is an ECC variant. There are lots of things to watch out
for in implementations.
I'm trying to develop (or find? anyone?) a secure symmetric cipher which is
a group, where if you know A and B you can find a key C that decrypts
B(A(M)), but that's a different story.
--
Peter Fairbrother
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list