[14464] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Benja Fallenstein)
Fri Oct 3 13:59:47 2003
X-Original-To: cryptography@metzdowd.com
Date: Fri, 03 Oct 2003 20:49:19 +0300
From: Benja Fallenstein <b.fallenstein@gmx.de>
To: bear <bear@sonic.net>
Cc: Zooko O'Whielacronx <zooko@zooko.com>,
Ian Grigg <iang@systemics.com>, M Taylor <mctylr@privacy.nb.ca>,
Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.58.0310021628550.11401@bolt.sonic.net>
Hi --
bear wrote:
> On Thu, 2 Oct 2003, Zooko O'Whielacronx wrote:
>>R. L. Rivest and A. Shamir. How to expose an
>>eavesdropper. Communications of the ACM, 27:393-395, April 1984.
>
> Ah. Interesting, I see. It's an interesting application of a
> bit-commitment scheme.
Ok, so my other mail came far too late to be useful to you ;-)
> Why should this not be applicable to chess? There's nothing to
> prevent the two contestants from making "nonce" transmissions twice a
> move when it's not their turn.
Maybe you have already a more advanced thing in mind than I do, but if
your protocol would then look just like this--
- Alice sends first half of cyphertext of her move
- Bob sends first half of cyphertext of random nonce
- Alice sends second half
- Bob sends second half
and vice versa, consider this:
- Alice sends first half of cyphertext of her move (to Mitch)
- Mitch sends first half of cyphertext of random nonce (to Alice)
- Alice sends second half
- Mitch sends second half
- Mitch sends first half of cyphertext of Alice's move (to Bob)
- Bob sends first half of cyphertext of random nonce (to Alice)
...
I.e., you would need a protocol extension to verify the nonces somehow--
if that's possible at all-- or are you just faster than me, and have
thought about a way to do that already?
Thx,
- Benja
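
Added example, not part of the original mail: a Python simulation of the relayed sequence listed above, showing that when the reply is only a random nonce, nothing Alice receives distinguishes Mitch from Bob. Assumptions: a toy split in which half 1 is the masked body and half 2 is the IV, keys `k_am` and `k_mb` standing in for the two anonymous-DH secrets Mitch holds, and hypothetical function names throughout.

```python
import hashlib
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # SHA-256 in counter mode; a toy stream cipher for illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, msg: bytes):
    # Toy interlock split: half 1 is useless until half 2 (the IV) arrives.
    iv = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, keystream(key, iv, len(msg))))
    return body, iv

def unseal(key: bytes, half1: bytes, half2: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(half1, keystream(key, half2, len(half1))))

def relay_round(move: bytes, k_am: bytes, k_mb: bytes):
    """One move, in the message order given in the mail."""
    # Alice <-> Mitch (Alice believes k_am is shared with Bob).
    a1, a2 = seal(k_am, move)            # Alice sends a1, waits for a reply half
    m1, m2 = seal(k_am, os.urandom(16))  # Mitch answers with his own nonce
    seen_by_alice = unseal(k_am, m1, m2)  # Alice released a2 after seeing m1
    relayed = unseal(k_am, a1, a2)        # only now can the move be read
    # Mitch <-> Bob (Bob believes k_mb is shared with Alice).
    f1, f2 = seal(k_mb, relayed)
    bob_nonce = os.urandom(16)
    b1, b2 = seal(k_mb, bob_nonce)        # Bob's reply halves never reach Alice
    seen_by_bob = unseal(k_mb, f1, f2)
    # The only check available to Alice: a well-formed 16-byte nonce arrived.
    alice_accepts = len(seen_by_alice) == 16
    return seen_by_bob, alice_accepts, seen_by_alice == bob_nonce

if __name__ == "__main__":
    got, accepted, same = relay_round(b"e2-e4", os.urandom(32), os.urandom(32))
    print(got, accepted, same)
```

The third return value is false while the second is true: the nonce Alice accepts is not the one Bob sent, which is the gap the mail says a protocol extension would have to close.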