[14760] in cryptography@c2.net mail archive


Roundtrip Blinding (was: A-B-a-b encryption)

daemon@ATHENA.MIT.EDU (bear)
Sun Nov 16 19:33:16 2003

X-Original-To: cryptography@metzdowd.com
Date: Sun, 16 Nov 2003 09:44:16 -0800 (PST)
From: bear <bear@sonic.net>
To: martin f krafft <madduck@madduck.net>
Cc: crypto list <cryptography@metzdowd.com>
In-Reply-To: <20031114081925.GA11764@piper.madduck.net>



On Fri, 14 Nov 2003, martin f krafft wrote:

>it came up lately in a discussion, and I couldn't put a name to it:
>a means to use symmetric crypto without exchanging keys:
>
>  - Alice encrypts M with key A and sends it to Bob
>  - Bob encrypts A(M) with key B and sends it to Alice
>  - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
>  - Bob decrypts B(M) with key B leaving him with M.
>
>Are there algorithms for this already? What's the scheme called?
>I searched Schneier (non-extensively) but couldn't find a reference.

This is a roundtrip blinding message protocol.

First of all, you mean asymmetric crypto (where encryption
key != decryption key).

The problem with this is that there are very few encryption
algorithms that this will work with and all the ones I know
have serious problems in modes where this is possible. In
general,

decrypt(a, encrypt(b, encrypt(a, M))) != encrypt(b, M)

in most secure cipher systems.

RSA will do this - but in modes where stunts like this are
possible, it means you're using "straight" RSA -- i.e., without
padding the blocks with randomness.  And this leaves RSA open
to some types of attacks that are very difficult to allow for
in a secure system.  Where RSA is used in this mode (for blinding
digital cash, etc) it is used in a very stylized and restricted
way, blinding "tokens" whose interpretation and use is very
limited.

			Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
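
The round trip discussed above, as an added example that is not part of the original post or the list archive: with unpadded RSA-style exponentiation the identity decrypt(a, encrypt(b, encrypt(a, M))) == encrypt(b, M) holds, and the same structure leaves the blocks multiplicative (malleable). It assumes both parties keep secret exponent pairs under one shared toy modulus; the primes, exponents and sample messages are constructed for illustration.

```python
# Added illustration (not from the original post): unpadded "straight" RSA-style
# exponentiation under one shared toy modulus. All parameters are constructed.
from math import gcd

P, Q = 2**61 - 1, 2**31 - 1          # two Mersenne primes (toy sizes, not secure)
N, PHI = P * Q, (P - 1) * (Q - 1)

def keypair(e):
    """Return (e, d) with e*d == 1 mod phi(N); both halves stay secret here."""
    if gcd(e, PHI) != 1:
        raise ValueError("exponent not invertible mod phi(N)")
    return e, pow(e, -1, PHI)

def enc(key, m):
    return pow(m, key[0], N)          # no padding: same m always gives same c

def dec(key, c):
    return pow(c, key[1], N)

def three_pass(m, alice, bob):
    """Run the four steps from the quoted question; return the values on the wire."""
    c1 = enc(alice, m)                # Alice -> Bob:  A(M)
    c2 = enc(bob, c1)                 # Bob -> Alice:  B(A(M))
    c3 = dec(alice, c2)               # Alice -> Bob:  B(M), her layer removed
    return {"wire": (c1, c2, c3), "recovered": dec(bob, c3)}

ALICE, BOB = keypair(65537), keypair(257)   # hypothetical fixed exponents
M1, M2 = 0x4D455353414745, 0x1234567        # constructed sample messages < N

def commutes(m):
    # The identity the post says most secure cipher systems do NOT satisfy.
    return dec(ALICE, enc(BOB, enc(ALICE, m))) == enc(BOB, m)

def is_multiplicative(m1, m2):
    # The structure blinding relies on, and why unpadded blocks are malleable.
    return enc(ALICE, m1) * enc(ALICE, m2) % N == enc(ALICE, m1 * m2 % N)

if __name__ == "__main__":
    run = three_pass(M1, ALICE, BOB)
    print("recovered == M:", run["recovered"] == M1)
    print("commutes:", commutes(M1), "multiplicative:", is_multiplicative(M1, M2))
```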
