[14783] in cryptography@c2.net mail archive
Re: Are there...one-way encryption algorithms
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Wed Nov 19 15:22:48 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "David Wagner" <daw-usenet@taverner.cs.berkeley.edu>
Cc: <cryptography@metzdowd.com>
Date: Tue, 18 Nov 2003 09:19:48 -0800
"David Wagner" <daw@taverner.cs.berkeley.edu> wrote in message
news:bp9c6h$kpe$1@abraham.cs.berkeley.edu...
> martin f krafft wrote:
> >it came up lately in a discussion, and I couldn't put a name to it:
> >a means to use symmetric crypto without exchanging keys:
> >
> > - Alice encrypts M with key A and sends it to Bob
> > - Bob encrypts A(M) with key B and sends it to Alice
> > - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> > - Bob decrypts B(M) with key B leaving him with M.
> >
> >Are there algorithms for this already? What's the scheme called?
>
> It's called Pollig-Hellman.
If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption
scheme based on discret log, the description of the OP was for a
key transport protocol.
In Pohlig-Hellman, what you do is have Alice and Bob share secret
keys k and d such that k*d == 1 mod (p-1), where p is some prime.
To encrypt a message M Alice computes M^k mod p, and Bob
can decrypt by computing (M^k)^d mod p == M mod p.
This is commonly referred to as the Pohlig-Hellman symmetric-key
exponentiation cipher.
It is described in patent 4,424,414 which you can find here
http://patft.uspto.gov/netahtml/search-bool.html
Also mentioned in HAC, chapter 15, section 15.2.3, (iii).
The algorithm that was described by the OP is really Shamir's
three-pass algorithm, also known as Shamir's no-key protocol.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
