A-B-a-b encryption

[Peter Fairbrother]

martin f krafft wrote:

> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
> 
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
> 
> Are there algorithms for this already? What's the scheme called?
> I searched Schneier (non-extensively) but couldn't find a reference.
> 
> Thanks,

The protocol is called the Shamir three-pass protocol. It needs a
commutative cipher.

Probably the only cipher that it can be securely used with is called the
Pohlig-Hellman cipher, a simple exponentiating cipher over Zp.

Whether it's a symmetric cipher is a matter of precise definition, though
despite the encryption and decryption keys being different I would consider
it such. A better term might be a secret-key cipher. It's quite easy to find
the decryption key d from the encryption key e:

d*e = 1 mod (p-1)

C = M^e mod p
M = C^d mod p


p should be a "safe" (= 2q+1, q prime) prime, and all keys used should be
odd and !=q. There is an ECC variant. There are lots of things to watch out
for in implementations.



I'm trying to develop (or find? anyone?) a secure symmetric cipher which is
a group, where if you know A and B you can find a key C that decrypts
B(A(M)), but that's a different story.


-- 
Peter Fairbrother

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com