A-B-a-b encryption

Peter Fairbrother zenadsl6186 at zen.co.uk
Tue Nov 18 00:47:08 EST 2003

martin f krafft wrote:

> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
> Are there algorithms for this already? What's the scheme called?
> I searched Schneier (non-extensively) but couldn't find a reference.
> Thanks,

The protocol is called the Shamir three-pass protocol. It needs a
commutative cipher.

Probably the only cipher that it can be securely used with is called the
Pohlig-Hellman cipher, a simple exponentiating cipher over Zp.

Whether it's a symmetric cipher is a matter of precise definition, though
despite the encryption and decryption keys being different I would consider
it such. A better term might be a secret-key cipher. It's quite easy to find
the decryption key d from the encryption key e:

d*e = 1 mod (p-1)

C = M^e mod p
M = C^d mod p

p should be a "safe" (= 2q+1, q prime) prime, and all keys used should be
odd and !=q. There is an ECC variant. There are lots of things to watch out
for in implementations.

I'm trying to develop (or find? anyone?) a secure symmetric cipher which is
a group, where if you know A and B you can find a key C that decrypts
B(A(M)), but that's a different story.

Peter Fairbrother

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list