[14504] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Benja Fallenstein)
Sat Oct 4 15:27:28 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 04 Oct 2003 22:24:28 +0300
From: Benja Fallenstein <b.fallenstein@gmx.de>
To: bear <bear@sonic.net>
Cc: Zooko O'Whielacronx <zooko@zooko.com>,
Ian Grigg <iang@systemics.com>, M Taylor <mctylr@privacy.nb.ca>,
Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.58.0310031549590.31741@bolt.sonic.net>
bear wrote:
> On Fri, 3 Oct 2003, Benja Fallenstein wrote:
>>bear wrote:
>>>Why should this not be applicable to chess? There's nothing to
>>>prevent the two contestants from making "nonce" transmissions twice a
>>>move when it's not their turn.
>>
>>I.e., you would need a protocol extension to verify the nonces somehow--
>>if that's possible at all-- or are you just faster than me, and have
>>thought about a way to do that already?
>
> Not "faster" per se, but I do happen to know the solution to that
> problem. :-)
Ah, good ;-)
> Suppose Alice picks a nonce A(zero). Then for n=one to a thousand
> (presumably no chess game will last 1000 moves) she calculates A(n) =
> hash (A(n-1)).
Does it work?
Assume A() is Alice's series, B() is Bob's, MA() is the one Mitch uses
with Alice, MB() the one Mitch uses with Bob.
- Mitch sends first half of cyphertext of MA(1000) (to Alice)
- Alice sends first half of cyphertext of her move + A(1000) (to Mitch)
- Mitch sends second half
- Alice sends second half
Mitch can now decrypt Alice's move.
- Bob sends first half of cyphertext of B(1000) (to Mitch)
- Mitch sends first half of cyphertext of Alice's move + MB(1000) (to Bob)
- Bob sends second half.
- Mitch sends second half.
Bob decides on his move.
- Bob sends first half of ciphertext of his move + B(999) (to Mitch)
- Mitch sends first half of ciphertext of MB(999) (to Bob)
- Bob sends second half.
- Mitch sends second half.
Mitch can now decrypt Bob's move...
Am I missing something?
- Benja
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
