[14763] in cryptography@c2.net mail archive


Re: A-B-a-b encryption

daemon@ATHENA.MIT.EDU (Jeremiah Rogers)
Mon Nov 17 13:09:19 2003

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20031116172402.GA201@ovillatx.sytes.net>
Cc: martin f krafft <madduck@madduck.net>, cryptography@metzdowd.com
From: Jeremiah Rogers <jeremiah@kingprimate.com>
Date: Sun, 16 Nov 2003 18:43:10 -0500
To: lrk <crypto@ovillatx.sytes.net>


On Nov 16, 2003, at 12:24 PM, lrk wrote:
> "Stupid crypto", probably. Unless I'm missing something, this only works
> if A(A(M)) = M. Symmetric crypto, not just symmetric keys.
>
> NEVER willingly give the cryptanalyst the same message encrypted with
> the same system using two different keys.
>
> For the simple case, suppose F(X) = X ^ S (exclusive or with a string
> generated from the key).
>
> Then  M = A(M) ^ B(M) ^ B(A(M)), right?
>
> Probably something similar for other symmetric systems.

This is Shamir's Three-Pass protocol and it doesn't require a symmetric 
system, it requires a commutative system. See Schneier p 516 (section 
22.3) or [1] for details.

so A(A(M)) != M

Unless I'm mistaken, this commutative system does not leak information 
in the same way as XOR does.

- Jeremiah

[1] http://www.afn.org/~afn21533/keyexchg.htm
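Added example (not part of this thread, and not Schneier's or the cited page's code): both sides of the exchange discussed above, first with lrk's F(X) = X ^ S, where an eavesdropper recovers M by XORing the three wire messages, and then with the commutative modular-exponentiation form of Shamir's three-pass protocol (the Massey-Omura construction), where A(A(M)) != M and no such linear cancellation exists. The prime P = 2^61 - 1, the pads and the exponents 17 and 19 are constructed demo values; a real deployment would use a large prime and random exponents coprime to p-1.

```python
"""Three-pass protocol, two ways: XOR pads (leaks M to an eavesdropper)
versus commutative modular exponentiation (no trivial cancellation).
Demo only: the prime below is far too small for real use."""
from math import gcd

# Constructed demo modulus (assumption: a Mersenne prime, chosen so the
# arithmetic is easy to follow; not a recommended parameter).
P = 2**61 - 1


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def xor_three_pass(message: bytes, pad_a: bytes, pad_b: bytes):
    """Run the three passes with F(X) = X ^ S; return (wire messages, B's result)."""
    m1 = xor_bytes(message, pad_a)    # A -> B : A(M)
    m2 = xor_bytes(m1, pad_b)         # B -> A : B(A(M))
    m3 = xor_bytes(m2, pad_a)         # A -> B : A's pad removed, leaves B(M)
    recovered = xor_bytes(m3, pad_b)  # B strips its own pad
    return (m1, m2, m3), recovered


def eavesdrop_xor(wire):
    """The leak stated in the thread: A(M) ^ B(A(M)) ^ B(M) == M."""
    m1, m2, m3 = wire
    return xor_bytes(xor_bytes(m1, m2), m3)


def check_exponent(e: int, p: int = P) -> int:
    """Return e's decryption exponent; e must be invertible modulo p-1."""
    if not 1 < e < p - 1 or gcd(e, p - 1) != 1:
        raise ValueError("exponent must be coprime to p-1")
    return pow(e, -1, p - 1)


def shamir_three_pass(message: int, a: int, b: int, p: int = P):
    """Commutative form: E_a(x) = x^a mod p, D_a(x) = x^(a^-1 mod p-1) mod p.
    Exponentiations commute, so A can strip its layer from under B's."""
    if not 1 < message < p:
        raise ValueError("message must be an integer in (1, p)")
    a_inv, b_inv = check_exponent(a, p), check_exponent(b, p)
    m1 = pow(message, a, p)       # A -> B : M^a
    m2 = pow(m1, b, p)            # B -> A : M^(ab)
    m3 = pow(m2, a_inv, p)        # A -> B : M^b (A's layer removed)
    recovered = pow(m3, b_inv, p)  # B removes its own layer
    return (m1, m2, m3), recovered


def double_encrypt(message: int, a: int, p: int = P) -> int:
    """A(A(M)) for the commutative cipher is M^(a*a) mod p, not M in general."""
    return pow(pow(message, a, p), a, p)


if __name__ == "__main__":
    msg = b"meet at noon"  # constructed sample message
    pad_a, pad_b = bytes(range(12)), bytes(range(100, 112))
    wire, got = xor_three_pass(msg, pad_a, pad_b)
    print("XOR    : B got", got, "| eavesdropper got", eavesdrop_xor(wire))

    m = int.from_bytes(b"noon", "big")  # must be < P
    wire, got = shamir_three_pass(m, 17, 19)
    print("modexp : B got", got == m, "| xor of wire == M:",
          (wire[0] ^ wire[1] ^ wire[2]) == m,
          "| A(A(M)) == M:", double_encrypt(m, 17) == m)
```

With M = 2 the wire values are exactly 2^17, 2^18 and 2^19 mod P, which makes it easy to see by hand that XORing them gives 2^17 + 2^18 + 2^19 rather than M; the security of the modular form rests on the discrete logarithm, not on the absence of this particular cancellation.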

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
