# Are there...one-way encryption algorithms

Anton Stiglic astiglic at okiok.com
Tue Nov 18 12:19:48 EST 2003

```"David Wagner" <daw at taverner.cs.berkeley.edu> wrote in message
news:bp9c6h\$kpe\$1 at abraham.cs.berkeley.edu...
> martin f krafft  wrote:
> >it came up lately in a discussion, and I couldn't put a name to it:
> >a means to use symmetric crypto without exchanging keys:
> >
> >  - Alice encrypts M with key A and sends it to Bob
> >  - Bob encrypts A(M) with key B and sends it to Alice
> >  - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> >  - Bob decrypts B(M) with key B leaving him with M.
> >
> >Are there algorithms for this already? What's the scheme called?
>
> It's called Pollig-Hellman.

If I'm not mistaken you are wrong.  Pohlig-Hellman proposed an encryption
scheme based on discret log, the description of the OP was for a
key transport protocol.
In Pohlig-Hellman, what you do is have Alice and Bob share secret
keys k and d such that k*d == 1 mod (p-1), where p is some prime.
To encrypt a message M Alice computes M^k mod p, and Bob
can decrypt by computing (M^k)^d mod p == M mod p.

This is commonly referred to as the Pohlig-Hellman symmetric-key
exponentiation cipher.

It is described in patent 4,424,414 which you can find here
http://patft.uspto.gov/netahtml/search-bool.html

Also mentioned in HAC, chapter 15, section 15.2.3, (iii).

The algorithm that was described by the OP is really Shamir's
three-pass algorithm, also known as Shamir's no-key protocol.

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

```