[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)

[jrzx]

On Saturday, May 8, 2021 6:43 PM, Christian Huitema
<huitema at huitema.net> wrote:
> The initial problem that I had in mind is probably better
> called something like "discrete handshake". The typical
> scenario involve parties that know each and have exchanged
> credentials beforehand, like employees of the same company
> or devices belonging to the same owner.
>
> The problem is to establish a network connection without
> divulging their identities and presence to outside
> observers. For example, in the two employees scenario, their
> laptops discover each other by broadcasting messages over
> WiFi or Bluetooth, but these messages do not reveal to
> observers identifying information like static MAC
> Addresses, IP addresses or public key values.

Easy:  Ann broadcasts a message that only Bob can decrypt.
Bob attempts to decrypt all incoming messages.  If he
succeeds, then the message from Ann will say "Hi Bob, this
is Ann, and my current network address is such and such."

Bob then narrowcasts an encrypted message to Ann
"Hi, this is Bob, and my current network address is
so and so."

Assume Ann knows Bob's public key, and Bob knows Ann's
public key, but their network addresses are likely to
randomly change

They want each other to know each other's network addresses,
but do not want the whole wide world to know each other's
network addresses.

So Ann generates a random single use scalar r, and generates
the corresponding elliptic point R=r*G

Bob's public key is B=b*G, where only Bob knows b.

So Ann broadcasts a message containing R in the clear,
followed by encrypted data encrypted using the secret value
r*B

For every incoming message, Bob tries to decrypt the encrypted
part using the value b*X, where X is the elliptic point at the
start of the message.


If the message is intended for him
b*X = x*B, because both are equal to b*x*G.

When Bob replies, he similarly constructs a message that only
Ann can decrypt.