martin f krafft <[EMAIL PROTECTED]> writes:
> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
> Are there algorithms for this already? What's the scheme called?
> I searched Schneier (non-extensively) but couldn't find a reference.

Hmm. You need a cipher such that given B(A(M)) and A you can get B(M). I know of only one with that property -- XOR style stream ciphers. Unfortunately that makes for a big flaw, so I'm not sure we should throw out our Diffie-Hellman implementations yet.

Imagine the way this would work: Alice takes a secret pad A and secret key M she wishes to convey and does A xor M. She sends A xor M to Bob, who turns it into B xor A xor M, and returns it to Alice. Alice easily turns it into B xor M, and returns it to Bob. Bob then takes B xor M and turns it into M.

However, consider Eve, listening in. She has A xor M, and B xor A xor M. She thus has B since A xor M xored with B xor A xor M yields B. She also has B xor M, so she too has M. "Not good".

I'm not sure there are conventional ciphers with appropriate properties such that this would work well.

Perry
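
The exchange and Eve's computation described in the reply above, as an added Python example that is not part of the original post. The function names and the sample secret are constructed for illustration.

```python
import secrets


def xor(x: bytes, y: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(x) != len(y):
        raise ValueError("pad and message must be the same length")
    return bytes(p ^ q for p, q in zip(x, y))


def three_pass(m: bytes):
    """Run the three-message exchange with XOR pads.

    Returns what Bob ends up with and the three messages that crossed the wire.
    """
    a = secrets.token_bytes(len(m))   # Alice's secret pad A
    b = secrets.token_bytes(len(m))   # Bob's secret pad B
    msg1 = xor(m, a)                  # Alice -> Bob:  A xor M
    msg2 = xor(msg1, b)               # Bob -> Alice:  B xor A xor M
    msg3 = xor(msg2, a)               # Alice -> Bob:  B xor M
    bob_m = xor(msg3, b)              # Bob strips B and is left with M
    return bob_m, (msg1, msg2, msg3)


def eve_recover(wire):
    """Passive observer: uses only the three messages seen on the wire."""
    msg1, msg2, msg3 = wire
    b = xor(msg1, msg2)               # (A xor M) xor (B xor A xor M) = B
    m = xor(msg3, b)                  # (B xor M) xor B = M
    a = xor(msg1, m)                  # Alice's pad falls out as well
    return a, b, m


if __name__ == "__main__":
    secret = b"constructed sample key M"   # constructed sample input
    bob_m, wire = three_pass(secret)
    _, _, eve_m = eve_recover(wire)
    print("Bob recovered M:", bob_m == secret)
    print("Eve recovered M:", eve_m == secret)
```

Fresh random pads do not help: the three wire messages XOR together to M for any choice of A and B.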
