Are encryption algorithms

Anton Stiglic astiglic at
Tue Nov 18 12:19:48 EST 2003

"David Wagner" <daw at> wrote in message
news:bp9c6h$kpe$1 at
> martin f krafft  wrote:
> >it came up lately in a discussion, and I couldn't put a name to it:
> >a means to use symmetric crypto without exchanging keys:
> >
> >  - Alice encrypts M with key A and sends it to Bob
> >  - Bob encrypts A(M) with key B and sends it to Alice
> >  - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> >  - Bob decrypts B(M) with key B leaving him with M.
> >
> >Are there algorithms for this already? What's the scheme called?
> It's called Pollig-Hellman.

If I'm not mistaken you are wrong.  Pohlig-Hellman proposed an encryption
scheme based on discret log, the description of the OP was for a
key transport protocol.
In Pohlig-Hellman, what you do is have Alice and Bob share secret
keys k and d such that k*d == 1 mod (p-1), where p is some prime.
To encrypt a message M Alice computes M^k mod p, and Bob
can decrypt by computing (M^k)^d mod p == M mod p.

This is commonly referred to as the Pohlig-Hellman symmetric-key
exponentiation cipher.

It is described in patent 4,424,414 which you can find here

Also mentioned in HAC, chapter 15, section 15.2.3, (iii).

The algorithm that was described by the OP is really Shamir's
three-pass algorithm, also known as Shamir's no-key protocol.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list