anonymous DH & MITM
bear
bear at sonic.net
Thu Oct 2 19:38:53 EDT 2003
On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
>
>> Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
>> which are on my shelf. Where was it published?
> R. L. Rivest and A. Shamir. How to expose an
> eavesdropper. Communications of the ACM, 27:393-395, April 1984.
Ah. Interesting, I see. It's an interesting application of a
bit-commitment scheme.
Hmmm. The key to this is that synchronous communications have to
happen. When it's your turn to move, you create a message that gives
the move, then pad it to some unsearchable length, encrypt, and send
half. MITM can't tell what the move is without seeing the second
half, so either has to make something up and send half of that, or
just transmit unchanged. The second half is sent by each player when
the first half has been recieved, and includes a checksum on the first
half that was actually recieved.
Mitch hast the choice of playing his own game of bughouse against each
of the contestants, which just turns him into a third contestant. Or
he has the choice of allowing the first two contestants to complete
their game without interference.
Why should this not be applicable to chess? There's nothing to
prevent the two contestants from making "nonce" transmissions twice a
move when it's not their turn.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list