[14791] in cryptography@c2.net mail archive
Re: Are there...one-way encryption algorithms
daemon@ATHENA.MIT.EDU (Bodo Moeller)
Thu Nov 20 15:49:44 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 20 Nov 2003 06:42:11 -0800
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Anton Stiglic <astiglic@okiok.com>
Cc: David Wagner <daw-usenet@taverner.cs.berkeley.edu>,
cryptography@metzdowd.com
In-Reply-To: <002b01c3adf8$2b626830$bc00a8c0@p1038mobile>
On Tue, Nov 18, 2003 at 09:19:48AM -0800, Anton Stiglic wrote:
> "David Wagner" <daw@taverner.cs.berkeley.edu>:
>> martin f krafft wrote:
>>> it came up lately in a discussion, and I couldn't put a name to it:
>>> a means to use symmetric crypto without exchanging keys:
>>>
>>> - Alice encrypts M with key A and sends it to Bob
>>> - Bob encrypts A(M) with key B and sends it to Alice
>>> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
>>> - Bob decrypts B(M) with key B leaving him with M.
>>>
>>> Are there algorithms for this already? What's the scheme called?
>> It's called Pollig-Hellman.
> If I'm not mistaken you are wrong. Pohlig-Hellman proposed an encryption
> scheme based on discret log, the description of the OP was for a
> key transport protocol.
> In Pohlig-Hellman, what you do is have Alice and Bob share secret
> keys k and d such that k*d == 1 mod (p-1), where p is some prime.
> To encrypt a message M Alice computes M^k mod p, and Bob
> can decrypt by computing (M^k)^d mod p == M mod p.
[...]
> The algorithm that was described by the OP is really Shamir's
> three-pass algorithm, also known as Shamir's no-key protocol.
The Pohlig-Hellman cipher is the modular scheme that you describe, but
observe there is a connection to the protocol above: that protocol
works only if encryption and decryption has a certain commutativity
property (decrypting B(A(M)) with key A must leave B(M), not
just some A^-1(B(A(M))) that might look entirely different), and
the Pohlig-Hellman cipher has this property.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
