Are there...one-way encryption algorithms
Anton Stiglic
astiglic at okiok.com
Tue Nov 18 12:19:48 EST 2003
"David Wagner" <daw at taverner.cs.berkeley.edu> wrote in message
news:bp9c6h$kpe$1 at abraham.cs.berkeley.edu...
> martin f krafft wrote:
> >it came up lately in a discussion, and I couldn't put a name to it:
> >a means to use symmetric crypto without exchanging keys:
> >
> > - Alice encrypts M with key A and sends it to Bob
> > - Bob encrypts A(M) with key B and sends it to Alice
> > - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> > - Bob decrypts B(M) with key B leaving him with M.
> >
> >Are there algorithms for this already? What's the scheme called?
>
> It's called Pollig-Hellman.
If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption
scheme based on discret log, the description of the OP was for a
key transport protocol.
In Pohlig-Hellman, what you do is have Alice and Bob share secret
keys k and d such that k*d == 1 mod (p-1), where p is some prime.
To encrypt a message M Alice computes M^k mod p, and Bob
can decrypt by computing (M^k)^d mod p == M mod p.
This is commonly referred to as the Pohlig-Hellman symmetric-key
exponentiation cipher.
It is described in patent 4,424,414 which you can find here
http://patft.uspto.gov/netahtml/search-bool.html
Also mentioned in HAC, chapter 15, section 15.2.3, (iii).
The algorithm that was described by the OP is really Shamir's
three-pass algorithm, also known as Shamir's no-key protocol.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list