martin f krafft wrote:
> it came up lately in a discussion, and I couldn't put a name to it:
> a means to use symmetric crypto without exchanging keys:
>
> - Alice encrypts M with key A and sends it to Bob
> - Bob encrypts A(M) with key B and sends it to Alice
> - Alice decrypts B(A(M)) with key A, leaving B(M), sends it to Bob
> - Bob decrypts B(M) with key B leaving him with M.
>
> Are there algorithms for this already? What's the scheme called?
> I searched Schneier (non-extensively) but couldn't find a reference.
>
> Thanks,
The protocol is called the Shamir three-pass protocol. It needs a commutative cipher. Probably the only cipher that it can be securely used with is called the Pohlig-Hellman cipher, a simple exponentiating cipher over Zp. Whether it's a symmetric cipher is a matter of precise definition, though despite the encryption and decryption keys being different I would consider it such. A better term might be a secret-key cipher.

It's quite easy to find the decryption key d from the encryption key e:

    d*e = 1 mod (p-1)
    C = M^e mod p
    M = C^d mod p

p should be a "safe" (= 2q+1, q prime) prime, and all keys used should be odd and != q. There is an ECC variant. There are lots of things to watch out for in implementations.

I'm trying to develop (or find? anyone?) a secure symmetric cipher which is a group, where if you know A and B you can find a key C that decrypts B(A(M)), but that's a different story.

-- 
Peter Fairbrother

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
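The exchange described in the thread, as an added worked example that is not part of either post: the Shamir three-pass protocol run over the Pohlig-Hellman exponentiation cipher, with the key rule from the reply (safe prime p = 2q+1, exponents coprime to p-1, i.e. odd and not equal to q) enforced in code. The safe-prime generator, the toy parameter sizes and the sample message are assumptions made for illustration only. The last function is an added demonstration of why the cipher choice matters: XOR commutes too, but with XOR the three intercepted passes combine to the plaintext.

```python
"""Shamir three-pass protocol over the Pohlig-Hellman exponentiation cipher.

Added example, not code from the mailing-list post.  The safe-prime
generator, key sizes and sample values are assumptions for illustration;
the arithmetic is the cipher described in the reply:
    C = M^e mod p,  M = C^d mod p,  with d*e = 1 mod (p-1).
"""
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (trial division first)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int) -> int:
    """Return a 'safe' prime p = 2q + 1 with q prime, as the reply recommends."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def gen_key(p: int) -> int:
    """Pick an encryption exponent e with gcd(e, p-1) = 1.

    For a safe prime p-1 = 2q, so this is exactly the post's rule:
    e must be odd and must not equal q.
    """
    while True:
        e = secrets.randbelow(p - 3) + 2      # 2 <= e <= p-2
        if gcd(e, p - 1) == 1:
            return e


def decrypt_key(e: int, p: int) -> int:
    """d = e^-1 mod (p-1); then (M^e)^d = M mod p by Fermat's little theorem."""
    if gcd(e, p - 1) != 1:
        raise ValueError("e must be odd and != q, i.e. invertible mod p-1")
    return pow(e, -1, p - 1)


def enc(m: int, e: int, p: int) -> int:
    """Pohlig-Hellman encryption C = M^e mod p.

    0, 1 and p-1 are fixed points under every key, so they are refused.
    """
    if not 1 < m < p - 1:
        raise ValueError("message must satisfy 1 < M < p-1")
    return pow(m, e, p)


def three_pass(p: int, m: int, a: int, b: int) -> dict:
    """Run the exchange with Alice's key a and Bob's key b.

    Returns the three values an eavesdropper sees plus what Bob recovers.
    """
    a_inv, b_inv = decrypt_key(a, p), decrypt_key(b, p)
    c1 = enc(m, a, p)               # Alice -> Bob:   M^a
    c2 = pow(c1, b, p)              # Bob -> Alice:   M^(ab)
    c3 = pow(c2, a_inv, p)          # Alice -> Bob:   M^b (her layer removed)
    recovered = pow(c3, b_inv, p)   # Bob:            (M^b)^(b^-1) = M
    return {"pass1": c1, "pass2": c2, "pass3": c3, "recovered": recovered}


def xor_three_pass_leaks(m: bytes, a: bytes, b: bytes) -> bytes:
    """Why a commutative cipher is not enough: with XOR as the cipher, the
    three passes satisfy c1 ^ c2 ^ c3 = M, so a passive eavesdropper who sees
    all three recovers the message with no key at all."""
    c1 = bytes(x ^ y for x, y in zip(m, a))    # Alice -> Bob:   M ^ A
    c2 = bytes(x ^ y for x, y in zip(c1, b))   # Bob -> Alice:   M ^ A ^ B
    c3 = bytes(x ^ y for x, y in zip(c2, a))   # Alice -> Bob:   M ^ B
    return bytes(x ^ y ^ z for x, y, z in zip(c1, c2, c3))


if __name__ == "__main__":
    p = gen_safe_prime(256)                    # toy size, far too small for real use
    a, b = gen_key(p), gen_key(p)
    m = secrets.randbelow(p - 3) + 2
    t = three_pass(p, m, a, b)
    print("recovered OK:", t["recovered"] == m, "with a", p.bit_length(), "bit safe prime")
    print("XOR eavesdropper sees:", xor_three_pass_leaks(b"secret", b"AAAAAA", b"BBBBBB"))
```

The security of the exponentiation variant rests on the eavesdropper seeing only M^a, M^ab and M^b, which is a discrete-log style problem in the safe-prime group; the XOR function shows the same three-pass dance collapsing completely when the cipher is a simple one-time pad, which is why the reply says this is probably the only cipher the protocol can be used with. Note also that the protocol as written has no authentication: nothing stops an active attacker from playing Bob's side of the exchange.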
