[14769] in cryptography@c2.net mail archive
Re: A-B-a-b encryption
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Nov 17 13:10:04 2003
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: daw@taverner.cs.berkeley.edu (David Wagner)
Date: Mon, 17 Nov 2003 02:36:01 +0000 (UTC)
Reply-To: daw-usenet@taverner.cs.berkeley.edu (David Wagner)
X-Complaints-To: usenet@abraham.cs.berkeley.edu
martin f krafft wrote:
>it came up lately in a discussion, and I couldn't put a name to it:
>a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
>Are there algorithms for this already? What's the scheme called?
It's called Pohlig-Hellman. It only works if your encryption scheme
is commutative. Most symmetric-key encryption schemes aren't commutative,
but one scheme that does work is A(M) = M^A mod p. One scheme that doesn't
work is A(M) = M xor A; XOR is indeed commutative, but it becomes insecure
when used in the above protocol.

Anyway, the Pohlig-Hellman protocol is no better (and probably no worse)
than a straight Diffie-Hellman, so there seems to be little reason to adopt
it. Just stick to standard Diffie-Hellman.
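
The following Python sketch is an added example, not part of the original message. It runs the four steps above with A(M) = M^A mod p and with A(M) = M xor A, and shows why the XOR variant fails: the three values on the wire XOR together to M. The prime P, the sample message and all function names are assumptions chosen for the demonstration.

```python
import secrets
from math import gcd

# Constructed demo modulus: the Mersenne prime 2**127 - 1 (assumption, not a
# recommended parameter; real deployments need a much larger, vetted group).
P = 2**127 - 1

def keypair(p=P):
    """Return (e, d) with e coprime to p-1 and d = e^-1 mod (p-1),
    so that (m**e)**d == m (mod p) for every m in 1..p-1."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)

def three_pass_exp(m, p=P):
    """Three passes with A(M) = M^A mod p. Returns (wire, Bob's plaintext)."""
    a, a_inv = keypair(p)
    b, b_inv = keypair(p)
    m1 = pow(m, a, p)        # Alice -> Bob:  A(M)
    m2 = pow(m1, b, p)       # Bob -> Alice:  B(A(M))
    m3 = pow(m2, a_inv, p)   # Alice -> Bob:  B(M), Alice's layer removed
    return (m1, m2, m3), pow(m3, b_inv, p)

def three_pass_xor(m, bits=128):
    """The same three passes with A(M) = M xor A."""
    a, b = secrets.randbits(bits), secrets.randbits(bits)
    m1 = m ^ a               # Alice -> Bob:  M^A
    m2 = m1 ^ b              # Bob -> Alice:  M^A^B
    m3 = m2 ^ a              # Alice -> Bob:  M^B
    return (m1, m2, m3), m3 ^ b

def xor_of_wire(wire):
    """What a passive listener can compute from the three transmitted values.
    For XOR: (M^A) ^ (M^A^B) ^ (M^B) = M, so no key is needed."""
    m1, m2, m3 = wire
    return m1 ^ m2 ^ m3

# Constructed sample message, encoded as an integer smaller than P.
M = int.from_bytes(b"meet at noon", "big")

if __name__ == "__main__":
    wire, got = three_pass_exp(M)
    print("exp: Bob recovers M:", got == M)
    wire, got = three_pass_xor(M)
    print("xor: Bob recovers M:", got == M)
    print("xor: wire values alone give M:", xor_of_wire(wire) == M)
```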