anonymous DH & MITM

bear bear at sonic.net
Sun Oct 5 12:58:56 EDT 2003 


On Sat, 4 Oct 2003, Benja Fallenstein wrote:
>Does it work?
>
>Assume A() is Alice's series, B() is Bob's, MA() is the one Mitch uses
>with Alice, MB() the one Mitch uses with Bob.
>
>- Mitch sends first half of cyphertext of MA(1000) (to Alice)
>- Alice sends first half of cyphertext of her move + A(1000) (to Mitch)
>- Mitch sends second half
>- Alice sends second half
>
>Mitch can now decrypt Alice's move.
>
>- Bob sends first half of cyphertext of B(1000) (to Mitch)
>- Mitch sends first half of cyphertext of Alice's move + MB(1000) (to Bob)
>- Bob sends second half.
>- Mitch sends second half.
>
>Bob decides on his move.
>
>- Bob sends first half of ciphertext of his move + B(999) (to Mitch)
>- Mitch sends first half of ciphertext of MB(999) (to Bob)
>- Bob sends second half.
>- Mitch sends second half.
>
>Mitch can now decrypt Bob's move...
>
>Am I missing something?

Yes, although I hadn't immediately realized it would be necessary:
Timing information.  If you require 30-45 seconds between packets,
Mitch's game dies a rapid death.

T:0 - Mitch sends first half of cyphertext of MA(1000) (to Alice)
T:30 - Alice sends first half of cyphertext of her move + A(1000) (to Mitch)
T:60 - Mitch sends second half
T:90 - Alice sends second half

Mitch can now decrypt Alice's move.

T:60 - Bob sends first half of cyphertext of B(1000) (to Mitch)
T:90 - Mitch sends first half of cyphertext of Alice's move + MB(1000) (to Bob)
T:120 - Bob sends second half.
T:135 - Alice times out waiting for Bob's response because it's 45
        seconds since her last packet. Mitch must commit to a move
	ignorant of Bob's move by now, if he is to continue the game.
T:150 - Mitch sends second half of Alice's move to Mitch

Bob decides on his move.

You could fiddle the intervals, within limits, or allow the players an
"I need more time to think" move, but if they're not allowed to use it
more than one time in three, then mitch isn't going to be able to make
more than two moves.


				Bear



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list