anonymous DH & MITM

Benja Fallenstein b.fallenstein at gmx.de
Fri Oct 3 13:49:19 EDT 2003


Hi --

bear wrote:
> On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
>>R. L. Rivest and A. Shamir. How to expose an
>>eavesdropper. Communications of the ACM, 27:393-395, April 1984.
> 
> Ah.  Interesting, I see. It's an interesting application of a
> bit-commitment scheme.

Ok, so my other mail came far too late to be useful to you ;-)

> Why should this not be applicable to chess?  There's nothing to
> prevent the two contestants from making "nonce" transmissions twice a
> move when it's not their turn.

Maybe you have already a more advanced thing in mind than I do, but if 
your protocol would then look just like this--

- Alice sends first half of cyphertext of her move
- Bob sends first half of cyphertext of random nonce
- Alice sends second half
- Bob sends second half

and vice versa, consider this:

- Alice sends first half of cyphertext of her move (to Mitch)
- Mitch sends first half of cyphertext of random nonce (to Alice)
- Alice sends second half
- Mitch sends second half

- Mitch sends first half of cyphertext of Alice's move (to Bob)
- Bob sends first half of cyphertext of random nonce (to Alice)
...

I.e., you would need a protocol extension to verify the nonces somehow-- 
if that's possible at all-- or are you just faster than me, and have 
thought about a way to do that already?

Thx,
- Benja

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list