martin f krafft wrote:
> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
>
>  - Alice encrypts M with key A and sends it to Bob
>  - Bob encrypts A(M) with key B and sends it to Alice
>  - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
>  - Bob decrypts B(M) with key B leaving him with M.
>
> Are there algorithms for this already? What's the scheme called?
It's called Pohlig-Hellman. It only works if your encryption scheme is commutative. Most symmetric-key encryption schemes aren't commutative, but one scheme that does work is A(M) = M^A mod p. One scheme that doesn't work is A(M) = M xor A; XOR is indeed commutative, but it becomes insecure when used in the above protocol.

Anyway, the Pohlig-Hellman protocol is no better (and probably no worse) than a straight Diffie-Hellman, so there seems to be little reason to adopt it. Just stick to standard Diffie-Hellman.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
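The three-pass exchange described above, as an added example that is not part of either post. It runs the protocol twice: once with the commutative exponentiation cipher A(M) = M^A mod p (the Pohlig-Hellman cipher, where the key exponent must be coprime to p-1 so an inverse exponent exists), and once with A(M) = M xor A, where an eavesdropper who records the three transmissions recovers M, and both keys, by XORing them together. The modulus p = 2^127 - 1 and the message values are constructed for readability and are assumptions of this example, not parameters from the thread; a real deployment would use a much larger prime.

```python
import secrets
from math import gcd

# Constructed toy modulus: the Mersenne prime 2^127 - 1. Chosen only so the
# numbers stay readable; it is far too small for real use.
P = 2**127 - 1


def keygen(p):
    """Pohlig-Hellman exponentiation-cipher key: a random exponent e coprime to
    p-1, together with the decryption exponent d = e^-1 mod (p-1)."""
    while True:
        e = secrets.randbelow(p - 1)
        if e > 1 and gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def exp_encrypt(m, e, p):
    return pow(m, e, p)


def exp_decrypt(c, d, p):
    return pow(c, d, p)


def three_pass_exp(m, p, alice_key=None, bob_key=None):
    """Shamir three-pass protocol with the exponentiation cipher.
    Returns (message Bob recovers, (c1, c2, c3) as seen on the wire)."""
    assert 1 <= m < p, "message must be an element of Z_p^*"
    eA, dA = alice_key or keygen(p)
    eB, dB = bob_key or keygen(p)
    c1 = exp_encrypt(m, eA, p)     # Alice -> Bob:   A(M)      = M^eA
    c2 = exp_encrypt(c1, eB, p)    # Bob -> Alice:   B(A(M))   = M^(eA*eB)
    c3 = exp_decrypt(c2, dA, p)    # Alice -> Bob:   B(M)      = M^eB, since exponents commute
    recovered = exp_decrypt(c3, dB, p)   # Bob strips his own key: M
    return recovered, (c1, c2, c3)


def three_pass_xor(m, a, b):
    """Same protocol with A(M) = M xor A. Commutative, so Bob still gets M."""
    c1 = m ^ a          # Alice -> Bob
    c2 = c1 ^ b         # Bob -> Alice
    c3 = c2 ^ a         # Alice -> Bob
    return c3 ^ b, (c1, c2, c3)


def eavesdrop_xor(transcript):
    """What a passive observer of the three XOR transmissions learns:
    c1 ^ c2 = b, c2 ^ c3 = a, and c1 ^ c2 ^ c3 = m. Everything leaks."""
    c1, c2, c3 = transcript
    return {"m": c1 ^ c2 ^ c3, "a": c2 ^ c3, "b": c1 ^ c2}


if __name__ == "__main__":
    m = 0x1234_5678_9ABC_DEF0          # constructed sample message
    got, wire = three_pass_exp(m, P)
    print("exponentiation cipher: Bob recovers M ->", got == m)

    a, b = secrets.randbits(64), secrets.randbits(64)
    got, wire = three_pass_xor(m, a, b)
    print("xor cipher: Bob recovers M ->", got == m)
    print("xor cipher: eavesdropper recovers M, A, B ->",
          eavesdrop_xor(wire) == {"m": m, "a": a, "b": b})
```

In the exponentiation case the observer sees M^eA, M^(eA*eB) and M^eB mod p and must solve a discrete-log-type problem to get M, which is why the reply above rates it roughly on a par with Diffie-Hellman; the XOR case shows why commutativity alone is not enough.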
