anonymous DH & MITM
Benja Fallenstein
b.fallenstein at gmx.de
Fri Oct 3 13:49:19 EDT 2003
Hi --
bear wrote:
> On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
>>R. L. Rivest and A. Shamir. How to expose an
>>eavesdropper. Communications of the ACM, 27:393-395, April 1984.
>
> Ah. Interesting, I see. It's an interesting application of a
> bit-commitment scheme.
Ok, so my other mail came far too late to be useful to you ;-)
> Why should this not be applicable to chess? There's nothing to
> prevent the two contestants from making "nonce" transmissions twice a
> move when it's not their turn.
Maybe you have already a more advanced thing in mind than I do, but if
your protocol would then look just like this--
- Alice sends first half of cyphertext of her move
- Bob sends first half of cyphertext of random nonce
- Alice sends second half
- Bob sends second half
and vice versa, consider this:
- Alice sends first half of cyphertext of her move (to Mitch)
- Mitch sends first half of cyphertext of random nonce (to Alice)
- Alice sends second half
- Mitch sends second half
- Mitch sends first half of cyphertext of Alice's move (to Bob)
- Bob sends first half of cyphertext of random nonce (to Alice)
...
I.e., you would need a protocol extension to verify the nonces somehow--
if that's possible at all-- or are you just faster than me, and have
thought about a way to do that already?
Thx,
- Benja
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list