[Cryptography] End-to-End, One-to-Many, Encryption Question

Philipp Gühring pg at futureware.at
Thu Jun 12 03:24:32 EDT 2014 

Hi,

Hmm, its obviously not yet secure, but perhaps it leads in the right direction:
Alice knows all the C* keys.
She first encrypts a larger packet to Bob which is encrypted with A, she additionally sends the A xor C1, A xor C2, ...
When asked by Charlie2, Bob applies A xor C2 and sends it to Charlie2,  Charlie2 decrypts it with C2.
Is it possible traffic-wise, that Alice sends all the keys always or at least for every key change? Theoretically Alice can keep A the same as long as she does not have to revoke a compromised key, but she can renew the key more often when she wants.

If Alice has enough bandwidth, she might want to partition the users into multiple segments, and use different A keys for the different segments. She will also want to use different watermarks in the different segments, if the data gets leakes by Charlie3 that she knows from which customer segment the leak came.

Best regards,
Philipp



Kent Borg <kentborg at borg.org> schrieb:
>I have a question, I think it is about concatenated encryption and 
>convolved keys, but I am not sure. It is the sort of question that lots
>
>of people should be asking these days, so forgive me it lots of people 
>have, I have been behind in my reading.
>
>
>Alice lives on the far end of a single DSL line, and produces data on a
>
>regular basis, she encrypts it with a key only she knows, and she sends
>
>it to Bob.
>
>Bob lives in the cloud (and so has lots of bandwidth), but Bob is in
>the 
>cloud, and therefore is only partially trusted, so he is given no 
>ability to directly decrypt the data. There is also lot of data 
>accumulated, he doesn't can't store unique copies for each client.
>
>Charley is a client, one of many (Charley-1, Charley-2, Charley-3,
>etc., 
>clients can come and go), he lives in a smart phone, say. He asks Bob 
>for a specific piece of data, Bob encrypts it with a Charley-1-specific
>
>key and sends it off.
>
>Charley-1 decrypts the data with a key that Bob does not know.
>
>If Alice discovers Charley-1 is compromised, she can instruct Bob to 
>delete Charley-1-specific data, destroying his ability to read data
>from 
>Bob. Alice probably knows everyone's keys, but Bob and Charley do not 
>know each other's keys, and again only Alice knows her key.
>
>If Charley-1 and Bob collude, the system is, unfortunately, broken, but
>
>that seems unavoidable.
>
>An attempt to restate the question:
>
>  Is there a way to encrypt once with key A, super-encrypt with key B1 
>(not knowing any other keys), and finally decrypt with key C1 (not 
>knowing any other keys)?  Or, super-encrypt with key B2, then decrypt 
>with key C2?
>
>In some respect this is a satellite TV problem subscription problem, 
>with an on-demand component.
>
>Is there a canonical answer here? Is it a stupid question?
>
>
>Thanks,
>
>-kb, the Kent who Googled some on this but the closest PDF seemed to 
>want to know all the Charlies in advance, and was too encrypted a paper
>
>for him to really understand anyway.
>_______________________________________________
>The cryptography mailing list
>cryptography at metzdowd.com
>http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140612/9c698539/attachment.html>

More information about the cryptography mailing list